
Technical White Paper - NorthGRC

Security in NorthGRC 

This document describes the overall architecture and security design of NorthGRC.

Confidentiality, Integrity and Availability 

NorthGRC is hosted on Amazon Web Services (AWS). AWS is among the world's largest cloud service providers and is used by many large companies. Amazon is responsible for the physical infrastructure: physical security, power, cooling and internet connectivity. AWS is available in several regions worldwide, but NorthGRC is hosted only in Amazon's data centers in Frankfurt, Germany.

 

Infrastructure description 


NorthGRC consists of two parts: a frontend served from web servers and executed in the client's browser, and a backend of microservices and a database cluster. Both the frontend and the microservices run in a Kubernetes cluster, which provides load balancing and redundancy for a highly available service. Remote management access to the Kubernetes cluster and the backend database cluster is limited to a few NorthGRC employees. All unencrypted HTTP requests are redirected to HTTPS, which is the only protocol publicly allowed into the private cloud zone. The database is a PostgreSQL service hosted in the same private cloud as the application cluster, and access to the database server is limited to that zone. The cluster web servers use NorthGRC's TLS certificates. Only strong TLS protocol versions and cipher suites are allowed, so clients need up-to-date applications and operating systems to reach the application. Amazon provides port-level firewalling and filtering, and the Linux cluster nodes use local firewalling to allow only SSH, HTTP and HTTPS.
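The HTTP-to-HTTPS redirect and the "strong encryption protocols only" policy described above, written out as an added Go example. This is not NorthGRC's code; the page does not say what the cluster's web servers run, so the program below is an illustration of the same policy in Go's standard library: port 80 does nothing but redirect, TLS 1.2 is the floor, only forward-secret AEAD suites are offered for TLS 1.2 (Go's TLS 1.3 suites are fixed and all strong), and responses carry an HSTS header. The hostnames, certificate file names and static directory are placeholders.

```go
package main

import (
	"crypto/tls"
	"net"
	"net/http"
)

// tlsPolicy is the server-side TLS configuration. Clients that cannot
// negotiate TLS 1.2 or newer with one of these suites fail the handshake,
// which is what "clients need updated applications and operating systems"
// means in practice.
func tlsPolicy() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
		},
	}
}

// redirectToHTTPS is the only handler on port 80: every plaintext request is
// answered with a permanent redirect to the same host and path over https://.
// No content is ever served over HTTP.
func redirectToHTTPS(w http.ResponseWriter, r *http.Request) {
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop an explicit :80 so the redirect lands on 443
	}
	http.Redirect(w, r, "https://"+host+r.URL.RequestURI(), http.StatusMovedPermanently)
}

// hsts tells browsers to use HTTPS directly for a year, so even the first
// plaintext request is skipped on later visits.
func hsts(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

func main() {
	go func() { _ = http.ListenAndServe(":80", http.HandlerFunc(redirectToHTTPS)) }()
	srv := &http.Server{
		Addr:      ":443",
		Handler:   hsts(http.FileServer(http.Dir("./static"))), // placeholder for the frontend files
		TLSConfig: tlsPolicy(),
	}
	// cert.pem and key.pem are placeholders for the certificate and private key.
	_ = srv.ListenAndServeTLS("cert.pem", "key.pem")
}
```

Note that the host firewall described in the text (SSH, HTTP and HTTPS only) is still needed: the redirect closes the plaintext path for the application, but it does not stop other services from being reached if they are exposed.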

Risk assessment 

NorthGRC regularly performs a risk assessment of Amazon as an infrastructure-as-a-service (IaaS) provider and compares the results with other IaaS providers. Amazon has strong financial capacity, invests heavily in security and operations, and, because of its large market share, has a strong incentive to keep offering secure services.

Data Segregation 

Each customer is allocated its own separate database. All database access is mediated by a security token bound to each user, which ensures that users of one customer cannot reach data in another customer's database, even if the application code contains bugs.

Backup  

At least twice per day the server takes a snapshot of all data in the database. The backup is AES encrypted with a customer-specific key before it is moved to centralized storage (S3). Daily backups are retained for five years, after which they are deleted automatically. On request, NorthGRC can manually delete all backups. The Amazon servers monitor the backup jobs and notify NorthGRC of errors; such notifications automatically create a ticket in NorthGRC's support system. NorthGRC reserves the right to make additional backups of data and store them securely outside of Amazon.
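As an added illustration of the backup encryption step (not NorthGRC's backup code; the page does not say which AES mode or key management it uses), the Go program below seals a dump under a per-customer AES-256-GCM key, binds the customer ID into the authentication tag so that a blob cannot be restored into another customer's context, and applies the five-year retention check. The customer IDs, the dump contents and the choice of GCM are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"time"
)

// encryptBackup seals a database dump under the customer's own 256-bit key
// with AES-256-GCM. The customer ID is bound as associated data, so a blob
// restored into the wrong customer's context fails authentication even if
// the same key were ever reused. Layout: nonce || ciphertext || GCM tag.
func encryptBackup(key []byte, customerID string, dump []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dump, []byte(customerID)), nil
}

// decryptBackup is the restore path; any bit flip, wrong key or wrong
// customer ID yields an error and no plaintext.
func decryptBackup(key []byte, customerID string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("backup blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(customerID))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("customer key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// newCustomerKey creates a fresh key for one customer. In production the key
// belongs in a key-management service, never in the same bucket as the backups.
func newCustomerKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// retention is the five-year period from the text, taken as 5*365 days.
const retention = 5 * 365 * 24 * time.Hour

// expired reports whether a backup created at 'created' is due for deletion at 'now'.
func expired(created, now time.Time) bool {
	return !now.Before(created.Add(retention))
}

func main() {
	key, _ := newCustomerKey()
	// Constructed sample dump; a real backup would be the PostgreSQL snapshot.
	dump := []byte("COPY risks (id, title) FROM stdin;\n1\tUnpatched server\n\\.\n")
	blob, _ := encryptBackup(key, "acme", dump)
	_, err := decryptBackup(key, "globex", blob) // wrong customer: must fail
	fmt.Printf("%d plaintext bytes -> %d sealed bytes; cross-customer restore error: %v\n", len(dump), len(blob), err)
}
```

Because GCM authenticates the ciphertext, a corrupted or truncated object in S3 is detected at restore time rather than producing a silently damaged database; the retention check is deliberately a pure function so the deletion job can be tested without touching storage.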

Compliance 

Although the data is physically located in Frankfurt (EU), SaaS customers are not permitted to use NorthGRC to store or process sensitive personally identifiable information. NorthGRC has signed a Data Processing Agreement (DPA) with Amazon.

Certifications and Audits 

Amazon AWS, including the EC2 services used by NorthGRC, is ISO 27001 certified; ISO 27001 certified organisations are subject to recurring internal and external audits. Amazon is also FedRAMP authorized and PCI DSS Level 1 certified, and is subject to SSAE 16 (now SSAE 18) and SOC 2 audits. Audit reports are available from Amazon on request. Amazon has mapped its security controls to the Cloud Security Alliance's Cloud Controls Matrix (CCM) and has published its response in the CSA STAR registry. Please refer to http://aws.amazon.com/security/ for more information.

Availability Zones 

By default NorthGRC runs only in the AWS Frankfurt region (which itself spans several availability zones), but NorthGRC reserves the right to fail over to other AWS regions within the EU (France, Sweden or Ireland).

Penetration Test 

Recurring vulnerability scans are performed as part of NorthGRC's ISO 27001 ISMS tasks. Denial-of-service tests are performed only within planned service windows so that service capacity for customers is not affected.

Secure Application Design 

NorthGRC SaaS is a three-tier application in which the presentation layer, the business logic and the data layer are physically separated. The application can therefore write to the database only through the controls provided by the business logic layer, and the database is not reachable from the presentation layer or from the public network. Separation alone does not prevent SQL injection; it confines the attack surface to the queries issued by the business logic layer, which is where input validation and parameterized queries must be applied. This reduces the likelihood of integrity breaches.

All three layers are deployed separately and scale independently with cluster node load, so the service stays available and responsive under varying load.

Integration

NorthGRC provides application programming interfaces (APIs) for internal use and for integration with other applications. The NorthGRC frontend uses the same APIs to access security functions, all business logic and database data. The APIs are reachable only over encrypted HTTPS, and a valid security token must be included in every call.
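The two token properties stated in the Data Segregation and Integration sections, that every API call must carry a valid token and that the token, not the request, decides which customer database is used, as an added Go example. This is not NorthGRC's code and the page does not describe its token format; the layout below ("user:tenant:expiry" plus an HMAC-SHA256 tag), the tenant names, the database DSNs and the literal signing secret are assumptions. The point it demonstrates is that the database is selected from the verified tenant claim only, so a handler that trusts a `?tenant=` parameter cannot reach another customer's data.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// Assumed token layout: "<user>:<tenant>:<expiryUnix>.<base64url HMAC-SHA256 of the first part>".
// Placeholder secret; in production it comes from a secret store.
var tokenSecret = []byte("example-only-secret-replace-with-32-random-bytes")

type claims struct {
	User, Tenant string
	Expires      time.Time
}

var errBadToken = errors.New("invalid or expired token")

func sign(body string) []byte {
	mac := hmac.New(sha256.New, tokenSecret)
	mac.Write([]byte(body))
	return mac.Sum(nil)
}

// mint issues a token for one user of one tenant, valid until c.Expires.
func mint(c claims) string {
	body := c.User + ":" + c.Tenant + ":" + strconv.FormatInt(c.Expires.Unix(), 10)
	return body + "." + base64.RawURLEncoding.EncodeToString(sign(body))
}

// verify checks the tag in constant time, then the expiry, and only then
// trusts the tenant claim. A token whose tenant field was edited fails the tag.
func verify(tok string, now time.Time) (claims, error) {
	i := strings.LastIndex(tok, ".")
	if i < 0 {
		return claims{}, errBadToken
	}
	body := tok[:i]
	tag, err := base64.RawURLEncoding.DecodeString(tok[i+1:])
	if err != nil || !hmac.Equal(tag, sign(body)) {
		return claims{}, errBadToken
	}
	parts := strings.Split(body, ":")
	if len(parts) != 3 {
		return claims{}, errBadToken
	}
	exp, err := strconv.ParseInt(parts[2], 10, 64)
	if err != nil || !now.Before(time.Unix(exp, 0)) {
		return claims{}, errBadToken
	}
	return claims{User: parts[0], Tenant: parts[1], Expires: time.Unix(exp, 0)}, nil
}

// tenantDSN is a constructed stand-in for the per-customer PostgreSQL databases.
var tenantDSN = map[string]string{
	"acme":   "postgres://app@db.internal/acme_grc",
	"globex": "postgres://app@db.internal/globex_grc",
}

// dbFor selects the database from the verified token alone. It deliberately
// takes no tenant name from the URL, body or query string, so a handler bug
// cannot steer a request at another customer's database.
func dbFor(c claims) (string, error) {
	dsn, ok := tenantDSN[c.Tenant]
	if !ok {
		return "", errors.New("unknown tenant")
	}
	return dsn, nil
}

type ctxKey struct{}

// requireToken is the API gate: no valid bearer token, no handler.
// HTTPS-only transport is enforced at the cluster edge, not here.
func requireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") {
			http.Error(w, "missing token", http.StatusUnauthorized)
			return
		}
		c, err := verify(strings.TrimPrefix(auth, "Bearer "), time.Now())
		if err != nil {
			http.Error(w, err.Error(), http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, c)))
	})
}

// tenantDB is what a handler calls to learn which database it may query.
func tenantDB(r *http.Request) (string, error) {
	c, ok := r.Context().Value(ctxKey{}).(claims)
	if !ok {
		return "", errBadToken
	}
	return dbFor(c)
}

func main() {
	_ = http.ListenAndServe(":8080", requireToken(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		dsn, err := tenantDB(r)
		if err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		_, _ = w.Write([]byte("would query " + dsn))
	})))
}
```

The design choice worth copying is that `dbFor` has no parameter a handler could fill from user input; the only route to a connection string is through `claims` produced by `verify`, so the isolation holds even when application code elsewhere is buggy, which is the guarantee the Data Segregation section claims.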

NorthGRC staff access 

NorthGRC support staff cannot log in to the NorthGRC instance dedicated to a customer unless the customer creates and shares login credentials for support purposes. On request from a customer, support staff can create a new User Manager or add the User Manager role to an existing user. All access, including support staff access, is visible to the customer in the activity log.

Updates

NorthGRC releases updates to the cluster when new versions of NorthGRC become available; customers can expect at least four updates per year. Updates are primarily performed in the standard service window, the night between Saturday and Sunday from 00:00 to 02:00 CET.

Disclaimer 

Amazon offers an SLA to NorthGRC for their service https://aws.amazon.com/ec2/sla/

NorthGRC can never offer its customers better service or better terms than Amazon at any time offers and delivers to NorthGRC. NorthGRC credits customers for service downtime in NorthGRC using the same calculation model and conditions that Amazon uses for crediting NorthGRC. NorthGRC's liability is limited according to the End User License Agreement for SaaS.