
Page 1: Cloud Architecture and Security - Digital Workflowsdigitalworkflows.net › ... › 2017 › 08 › Cloud-Architecture... · Digital Cabinet leverages the power of SaaS to provide


CLOUD ARCHITECTURE AND SECURITY 2016


Documentation relating to Digital Cabinet Version 2.2

Published by Digital Cabinet (Pty) Ltd.

© Copyright Digital Cabinet (Pty) Ltd. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying, without the written permission of Digital Cabinet (Pty) Ltd.

Updated March 2016

web: www.digitalcabinet.co.za

Digital Cabinet (Pty) Ltd, 116 Boeing Rd East Johannesburg, 2007

Tel: +27 11 453 3679

email: [email protected]


CONTENTS

3. Contents

4. Introduction

5. Cloud Architecture

• On-demand self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured service

7. Infrastructure

• Data center operations

• Physical security

• Access management

• Virtualization

9. Application Security

• Authentication and authorization

• Password policy

• Encryption

• Audit and logging

• Monitoring and updates

• Penetration testing

12. Disaster Recovery and Backup

• Data replication

• Infrastructure redundancy

• Employee training

• Process review and testing

• Monitoring

15. Compliance

16. Governance and Risk Management

17. Conclusion


INTRODUCTION

Cloud Computing, and in particular SaaS (Software-as-a-Service), offers compelling benefits for organizations of all sizes - from cost savings to scalability to mobile accessibility. It is an increasingly popular delivery model for a wide range of business applications.

Benefits to be had from adopting the SaaS model include:

• Cost savings: Moving from the capital-heavy expense of installing, maintaining and upgrading on-premise IT infrastructure to the operational cost of a SaaS subscription is a tempting proposition, particularly in the short-to-medium term.

• Scalability: As businesses grow and customers need to add more users, rather than investing in additional in-house server capacity and software licenses, customers can adjust their monthly SaaS subscription as required.

• Accessibility: A browser and an internet connection are usually all that is required to access a SaaS application, which can therefore be made available on a wide range of desktop and mobile devices.

• Upgradeability: Cloud service providers deal with hardware and software updates, removing a significant workload from an organization’s in-house IT department. 

• Resilience: Because the IT infrastructure and customer data reside in the cloud service provider's data center, an organization whose premises are struck by some form of disaster can get back up and running relatively easily from any location with internet-connected computers.

Digital Cabinet leverages the power of SaaS to provide scalable and flexible web-based solutions to the North American market. The primary concern for organizations considering SaaS is often security, therefore we have devoted extensive time and resources to ensuring that all aspects of security are thoroughly addressed.


CLOUD ARCHITECTURE

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services). The cloud model envisages a world where components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down to provide an on-demand utility-like model of allocation and consumption.

Digital Cabinet is designed around a model of cloud computing that can be described by five essential characteristics, three service models, and four deployment models as seen in the figure below.

Figure 1 - Model of Cloud Computing (essential characteristics, service models, deployment models)

Digital Cabinet's Cloud service can be classified as a third-party managed SaaS (Software-as-a-Service) solution. Depending on customer requirements, the solution can be tailored to be Public, Private, or Hybrid. The following table summarizes the various deployment models:

Figure 2 - Deployment Models


On-demand self-service

Consumers can unilaterally provision computing capabilities such as server time and network storage as needed automatically, without requiring human interaction with a service provider. Digital Cabinet's Administration interface allows for easy provisioning of resources.

Broad network access

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g. mobile phones, laptops) as well as other traditional or cloud-based software services. Digital Cabinet is web-based and easily accessed through modern browsers on internet enabled devices.

Resource pooling

Computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned according to customer demand. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. According to customer needs, Digital Cabinet is deployed either to a dedicated physical environment or to a virtualized environment. Load balancing is implemented as consumer volumes require.

Rapid elasticity

Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale the solution. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time. Our solutions are designed for easy scalability and growth.

Measured service

Cloud systems automatically control and optimize resource usage by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g. storage, processing, bandwidth, or active user accounts). Resource usage is monitored, controlled and reported, providing transparency for customers.


INFRASTRUCTURE

As Cloud Computing has evolved, so too have data centers proliferated and evolved in terms of construction and management. Data center operators now adapt their facilities to the applications running in them, including the requirements of hosting large-scale analytical clusters.

Data center operations

Digital Cabinet has partnered with Amazon Web Services (AWS) to provide robust Cloud Infrastructure for its software services. For more information on AWS please visit: https://aws.amazon.com/compliance/

We maintain a wide array of hosted environments, ranging from dedicated rack-mounted servers to virtualized database clusters. All our partner data centers provide redundant backup power configurations, environmental control, high speed bandwidth, fire suppression, and 24/7 on-site support.

Physical hardware is typically rack-mounted and equipped with solid-state storage and high speed network components. All drives are configured in mirrored RAID arrays for redundancy. Mirroring protects against the failure of a single drive only; it does not protect against deletion or corruption, which is what the backups described under Disaster Recovery and Backup are for.

Physical security

Physical security for IT equipment, network technology, and telecommunications is often overlooked. To establish proper physical security for IT assets in a cloud environment, responsibility must be assigned to personnel who are appropriately placed within the organization.

Traditional security measures to prevent theft, espionage, sabotage, or harm are essential to the security of a cloud environment. All our data centers are equipped with 24-hour CCTV monitoring, as well as access controlled server rooms. Security personnel are on standby at all times.

IT assets located within our offices are never left unattended and are physically secured outside of office hours. A comprehensive security response system is in place to deter, repel, and apprehend potential attackers.

Access management

Physical access to Digital Cabinet assets is strictly controlled via secure entry points. Personnel requiring direct access to IT assets must submit an access request in advance, which must be verified and approved by management.

Remote access to Digital Cabinet assets is only granted to key personnel and is further logged and monitored by access management software.


Virtualization

In recent years, virtualization has become a key element of IaaS (Infrastructure-as-a-Service) and is increasingly used in portions of the back-end of SaaS (Software-as-a-Service) providers as well.

The benefits of virtualization are well known, including multi-tenancy, better server utilization, and data center consolidation. Cloud providers can achieve higher density, which translates to better margins, and enterprises can use virtualization to shrink capital expenditure on server hardware as well as increase operational efficiency.

Digital Cabinet makes use of virtualized operating systems, depending on customer requirements. The deployment of virtual machines allows for easy configuration of servers for the purposes of beta/development, staging, testing and production.

Layered security controls reduce the dependency on any single built-in security mechanism. Every virtualized operating system runs a host firewall, anti-virus, file integrity monitoring, and log monitoring tools. Automated backups are performed daily.

Figure 3 – Traditional vs Virtual Architecture


APPLICATION SECURITY

Cloud-based software applications require a design rigor similar to applications connecting to the raw internet. Security must be provided by the application without any assumptions being made about the external environment.

Applications in a cloud environment are typically exposed to more threats than those in a traditional data center. This creates the need for rigorous practices that must be followed when developing or migrating applications to the cloud.

Digital Cabinet subscribes to the highest security standards when designing applications. This section details some of the measures that we undertake in order to offer our customers solutions that are as resistant to attack as possible.

Authentication and authorization

Authentication refers to establishing/asserting the identity of a user to the application. Many cloud services, including Digital Cabinet, expose their services in the form of RESTful APIs and these are designed for accepting tokens rather than passwords.

Digital Cabinet's authentication requirements are tailored to its customers' needs. Many organizations have existing user stores (e.g. Active Directory or LDAP) and the authentication credential is typically a username/password. Digital Cabinet integrates with such user stores seamlessly.

Since cloud applications are accessible from many kinds of device, authentication with a simple user id/password alone is increasingly considered insufficient. More organizations are opting for stronger identity confirmation in the form of RSA tokens, OTP over SMS, smartcard/PKI, biometrics, and more. Of these, SMS OTP is the weakest, since SMS can be intercepted or redirected by SIM swapping; NIST SP 800-63B treats it as a restricted authenticator.

Some organizations leverage standards such as SAML and OAuth to provide identity assertions and to issue secure tokens for authorization purposes. Digital Cabinet integrates with such existing standards in order to conform to the risk requirements of an organization.

In terms of authorization and access to resources, we employ the "least privilege" principle, which holds that an individual, process, or entity is given the minimum privileges and access to resources, for the minimum period of time, required to complete a task. This keeps access to resources strictly limited to the processes that truly need it, so that when a vulnerability is exploited the attacker gains as little as possible.


Password policy

A password policy is a set of rules designed to enhance security by requiring users to choose strong passwords that are less likely to be cracked. Digital Cabinet employs the following means to strengthen user passwords:

• Minimum password complexity – passwords must meet a minimum length and contain letters, digits and at least one uppercase character.

• Change on first login – users are required to change their passwords the first time that they log into the system.

• Brute force dictionary – certain well-known words and phrases are rejected as passwords, so that dictionary-based brute force attacks have less to work with.

• Password aging – depending on user requirements, passwords can be set to expire after a certain time period in order to force frequent password changes.

• One-time-pin SMS – depending on user requirements, a one-time PIN (OTP) can be sent via SMS as an additional authentication factor.
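The rules above as an added worked example. It is not Digital Cabinet's code, and the minimum length, expiry period and blocklist words are assumed, since the document gives no specific values:

```python
import datetime as dt
import re
from typing import Dict, List, Optional

# Constructed blocklist standing in for the document's "brute force
# dictionary"; a production list would be far larger (for example a corpus
# of passwords seen in public breaches).
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "digitalcabinet"}

MIN_LENGTH = 12     # assumed: the document states no specific length
MAX_AGE_DAYS = 90   # assumed: the document states no specific expiry period

# Undo common substitutions (0->o, 1->i, 3->e, 4->a, $->s, @->a, !->i) so
# that "P@ssw0rd!" is recognised as "password" before the blocklist check.
_DELEET = str.maketrans("0134$@!", "oieasai")


def complexity_failures(password: str) -> List[str]:
    """Rules the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        failures.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        failures.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        failures.append("no digit")
    return failures


def contains_blocklisted_word(password: str) -> bool:
    """True if any blocklisted word appears after case folding and de-leeting."""
    normalised = password.lower().translate(_DELEET)
    return any(word in normalised for word in BLOCKLIST)


def password_expired(last_changed: str, today: str,
                     max_age_days: int = MAX_AGE_DAYS) -> bool:
    """Password aging: true once the password is max_age_days old or older.
    Dates are ISO-8601 strings (YYYY-MM-DD), as a user store would hold them."""
    age = dt.date.fromisoformat(today) - dt.date.fromisoformat(last_changed)
    return age.days >= max_age_days


def evaluate(password: str, *, first_login: bool = False,
             last_changed: Optional[str] = None,
             today: Optional[str] = None) -> Dict[str, object]:
    """Apply all rules: is the password acceptable at all, and must the user
    change it now (first login, or the password has aged out)?"""
    problems = complexity_failures(password)
    if contains_blocklisted_word(password):
        problems.append("contains a blocklisted word")
    must_change = first_login
    if last_changed is not None:
        today = today or dt.date.today().isoformat()
        must_change = must_change or password_expired(last_changed, today)
    return {"acceptable": not problems, "problems": problems,
            "must_change": must_change}
```

The blocklist check folds case and undoes the usual character substitutions, so a five-word dictionary already catches "P@ssw0rd!" as well as "password"; in production the list should be a breached-password corpus rather than a handful of words. Current guidance (NIST SP 800-63B) favours exactly that kind of screening, plus length, over composition rules and forced periodic rotation, so the aging rule is best kept optional, as the document already has it.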

Encryption

Encryption is the process of encoding information in such a way that only authorized parties may read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor.

Digital Cabinet employs 256-bit Advanced Encryption Standard (AES) encryption for data at rest and HTTPS with TLS v1.0 or higher for protecting data in transit. (TLS 1.0 and 1.1 have since been deprecated by RFC 8996, and PCI DSS has required migration away from them since mid-2018; a current deployment should accept TLS 1.2 or later only.)

In other words, stored data is encrypted at the drive level, and data sent over the wire travels through an encrypted TLS channel, so that intercepted traffic cannot be read. Drive-level encryption protects against loss or theft of the physical media; it does not by itself protect data from an attacker who has gained access to the running application or database, which is why the application-layer controls in this section matter.
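An added example, not part of the original document, showing the in-transit side of this in Python's standard ssl module: a client context that refuses anything below TLS 1.2, a context that follows the "TLS v1.0 or higher" wording literally, and a small audit function that flags the weak one. Nothing here opens a network connection.

```python
import ssl
from typing import List, Optional


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client-side context for reaching the service over HTTPS: TLS 1.2 or
    newer only, server certificate and hostname verified, TLS-level
    compression off (it is what makes the CRIME attack possible)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """A context that literally follows 'TLS v1.0 or higher': no floor other
    than whatever the local OpenSSL build still supports. Built only so the
    audit below has a weak configuration to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Policy check a reviewer would run on every context the code base
    builds. Returns the violations found; an empty list means it passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum TLS version below 1.2 "
                        "(TLS 1.0/1.1 are deprecated by RFC 8996)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate verification not required")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    return findings
```

The same floor belongs on the server side (in nginx, for instance, `ssl_protocols TLSv1.2 TLSv1.3;`). Encryption of data at rest is a separate control and is not shown here.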

Audit and logging

Audit and logging are a crucial part of an organization's oversight of its systems and their behaviour. Organizations need records of which users access which resources, and how often.

Our applications are designed with full audit trails for security and compliance purposes. All actions in the system can be logged and reported upon. This includes application layer logging, as well as web server logging and low level exception logging within the web stack.


Monitoring and updates

Application monitoring has a number of important metrics which need to be addressed in order to effectively secure an application environment. Digital Cabinet employs the following tools:

• Log monitoring – logs are useful not only for compliance purposes, but are also indicators of exploitable bugs, and intrusion attempts.

• Performance monitoring – this is important in multi-tenanted environments where customers share resources. Excessive performance changes can be a symptom of malicious activity.

• Intrusion monitoring – traffic load and failed login attempts need to be monitored to detect intrusion attempts. Multiple failed login attempts can lead to IP blacklisting to prevent brute force attacks.
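The failed-login monitoring described above, run over a constructed sample of login audit events, as an added example. It is not Digital Cabinet's monitoring tooling; the log format, field names and thresholds are assumptions, and the addresses come from the RFC 5737 documentation ranges:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict

# Constructed sample of application-layer login audit events (assumed
# format: one event per line with key=value fields). None of this is real
# traffic.
SAMPLE_LOG = """\
2016-03-14T09:00:01Z LOGIN_OK     user=alice ip=198.51.100.20 tenant=acme
2016-03-14T09:00:05Z LOGIN_FAILED user=bob   ip=203.0.113.7  tenant=acme
2016-03-14T09:00:09Z LOGIN_FAILED user=bob   ip=203.0.113.7  tenant=acme
2016-03-14T09:00:14Z LOGIN_FAILED user=bob   ip=203.0.113.7  tenant=acme
2016-03-14T09:00:20Z LOGIN_FAILED user=bob   ip=203.0.113.7  tenant=acme
2016-03-14T09:00:26Z LOGIN_FAILED user=bob   ip=203.0.113.7  tenant=acme
2016-03-14T09:00:31Z LOGIN_FAILED user=bob   ip=203.0.113.7  tenant=acme
2016-03-14T09:05:00Z LOGIN_FAILED user=carol ip=198.51.100.20 tenant=acme
2016-03-14T09:05:30Z LOGIN_OK     user=carol ip=198.51.100.20 tenant=acme
2016-03-14T09:10:00Z LOGIN_FAILED user=dave  ip=203.0.113.9  tenant=globex
2016-03-14T09:12:00Z LOGIN_FAILED user=erin  ip=203.0.113.9  tenant=globex
2016-03-14T09:14:00Z LOGIN_FAILED user=frank ip=203.0.113.9  tenant=globex
2016-03-14T09:16:00Z LOGIN_FAILED user=grace ip=203.0.113.9  tenant=globex
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>LOGIN_OK|LOGIN_FAILED)\s+"
    r"user=(?P<user>\S+)\s+ip=(?P<ip>\S+)\s+tenant=(?P<tenant>\S+)$"
)


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_brute_force(log_text: str, max_failures: int = 5,
                       window: timedelta = timedelta(minutes=1),
                       spray_accounts: int = 4) -> Dict[str, str]:
    """Return {ip: reason} for source addresses that should be blocklisted.

    Two patterns are covered: classic brute force (max_failures or more
    failures from one IP inside a sliding window) and password spraying
    (one IP failing against spray_accounts or more distinct usernames,
    which a pure per-window threshold misses because the attempts are
    spread out in time)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    accounts = defaultdict(set)   # ip -> distinct usernames that have failed
    flagged: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] != "LOGIN_FAILED":
            continue  # in production, unparseable lines should be counted and alerted on
        ts, ip = parse_ts(m["ts"]), m["ip"]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that have fallen out of the window
            q.popleft()
        accounts[ip].add(m["user"])
        if len(q) >= max_failures:
            flagged.setdefault(
                ip, f"{len(q)} failed logins within {int(window.total_seconds())}s")
        elif len(accounts[ip]) >= spray_accounts:
            flagged.setdefault(
                ip, f"failures against {len(accounts[ip])} distinct accounts (password spraying)")
    return flagged
```

Blocking by IP alone punishes users behind a shared NAT and is evaded by a botnet that spreads attempts across addresses, so the same counters should also be kept per account (with lockout or exponential backoff), and a flagged IP should feed the intrusion monitoring as a signal rather than be the only response.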

Our system administrators make certain to keep all application code up to date with the latest patches and vulnerability protections.

Penetration testing

Penetration testing is a security testing methodology that gives the tester insight into the strength of the target's network security by simulating an attack from a malicious source. The process involves an active analysis of the cloud system for any potential vulnerabilities that may result from poor or improper system configuration, known or unknown hardware/software flaws, or operational weaknesses in process or technical countermeasures.

Digital Cabinet follows security best-practices and employs a third party security specialist firm to run quarterly penetration tests in order to detect any security breaches or vulnerabilities in our environment.

Regular external penetration tests ensure that any newly discovered vulnerabilities are exposed timeously and resolved accordingly.

Some of the more common vulnerabilities which we guard against are:

• SQL and content injection, guarded against through input validation and parameterised queries

• Cross-site scripting

• Outdated or unpatched servers and application code

• Weak passwords

Digital Cabinet also performs its own internal application audits, which involve peer code reviews and the execution of our own automated testing framework. We also carry out manual testing from a multi-tenancy perspective, to validate that privileges cannot be escalated and that tenant data segregation cannot be bypassed through weak session enforcement.
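An added example of the injection and tenant-segregation checks listed above (not Digital Cabinet's code; the table, function and session-field names are assumed). It builds an in-memory SQLite database with constructed data for two tenants, shows a query that is vulnerable both to SQL injection and to a client-chosen tenant id, and puts the hardened form beside it:

```python
import sqlite3
from typing import Dict, List, Tuple

Row = Tuple[int, int, str]   # (id, tenant_id, title)


def setup_db() -> sqlite3.Connection:
    """In-memory document store with two tenants (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents ("
               "id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL, title TEXT NOT NULL)")
    db.executemany("INSERT INTO documents VALUES (?, ?, ?)", [
        (1, 100, "acme-invoice-2016-03.pdf"),
        (2, 100, "acme-contract.pdf"),
        (3, 200, "globex-payroll.xlsx"),
    ])
    return db


def search_vulnerable(db: sqlite3.Connection, tenant_id: str,
                      title_filter: str) -> List[Row]:
    """Flawed version: the tenant id comes from the request and the query is
    assembled by string formatting, so both values are attacker-controlled."""
    sql = ("SELECT id, tenant_id, title FROM documents "
           f"WHERE tenant_id = {tenant_id} AND title LIKE '%{title_filter}%'")
    return db.execute(sql).fetchall()


def search_hardened(db: sqlite3.Connection, session: Dict[str, object],
                    title_filter: str) -> List[Row]:
    """Hardened version: tenant id taken from the server-side session, all
    user input passed as bound parameters, and LIKE wildcards in the input
    escaped so a user cannot widen the search."""
    escaped = (title_filter.replace("\\", "\\\\")
               .replace("%", "\\%").replace("_", "\\_"))
    sql = ("SELECT id, tenant_id, title FROM documents "
           "WHERE tenant_id = ? AND title LIKE ? ESCAPE '\\'")
    return db.execute(sql, (session["tenant_id"], f"%{escaped}%")).fetchall()


def cross_tenant_rows(rows: List[Row], tenant_id: int) -> List[Row]:
    """Rows that belong to another tenant. A multi-tenancy test passes only
    when this is empty for every data-access path the application exposes."""
    return [r for r in rows if r[1] != tenant_id]
```

cross_tenant_rows is the assertion a multi-tenancy test should make on every query: given a session bound to one tenant, no input at all should yield a row belonging to another. Parameterisation on its own does not neutralise LIKE wildcards, which is why the hardened query escapes them and declares an ESCAPE character.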


DISASTER RECOVERY AND BACKUP

Despite planning for High Availability in our infrastructure and software design, disasters are inevitable, mostly unpredictable, and they vary in type and magnitude. Our strategy relies on having a comprehensive Disaster Recovery Plan in place, that allows our organization to return operations to normal as quickly as possible in the event of an unexpected disaster.

One of the most interesting aspects of Cloud Architecture is how it can be leveraged for Disaster Recovery (DR) and Backup. Cloud Backup and DR services are targeted at reducing the cost of infrastructure, applications, and overall business processes. They aim to make reliable data protection affordable and easy to manage.

Our Disaster Recovery Plan relies on certain key components to ensure continuity of services in the event of a disaster:

Figure 4 – Disaster Recovery Plan Components

Each of the components in the figure above is addressed in more detail in this document, as they form the basis of our strategy for pre-empting disaster, as well as for recovery in the event of disaster.


Data replication

Digital Cabinet employs several backup and data replication methods to maintain continuity of service. In our virtualized environments we use the hypervisor's snapshot tooling to take daily snapshots of VM instances; in traditional physical environments we run daily backups of core customer data and databases.

All backup data is incrementally replicated to an offsite DR site located outside the production region. The offsite transfers run over an encrypted SSH tunnel, accessible only via a 256-bit private RSA key (a key of this length would be trivially factorable; RSA keys used for SSH authentication should be at least 2048 bits).

Infrastructure redundancy

In order to ensure the highest standards of service uptime, Digital Cabinet makes use of High Availability design and infrastructure. Customers with high volume requirements are load balanced to distribute workloads across multiple resources.

Each of our data centers conforms to industry best-practices in terms of Data center Infrastructure Management (DCIM). Our servers are configured with Uninterruptible Power Supplies (UPS) and our data centers make use of backup generators in cases of power supply failure by the national grid.

All physical hardware in our data centers is mirrored and automatically fails over to secondary hardware in the event of a failure. DNS-based failover tools automatically redirect users to alternate resources during service downtime.

Our relationships with our infrastructure providers are governed by strict service level agreements (SLAs), giving our customers peace of mind.

Figure 5 – Example Disaster Recovery Configuration


Employee training

A Disaster Recovery Plan is only as good as the people who implement it. Digital Cabinet ensures that our operations team, made up of seasoned veterans with both engineering and operational experience, is well trained in the operational procedures necessary to execute the Disaster Recovery Plan.

All our staff are taught their individual and/or role-based responsibilities in the event of a DR scenario. Depending on the scope of the failure, pre-defined communications are sent to the relevant employee to activate DR processes. Escalation channels are in place in case of activation issues on the part of the employee.

Every role and responsibility is covered by a minimum of two staff members, to eliminate single points of failure.

Process review and testing

Even the best solutions in the world may fail if they are not frequently revised and tested. An untested plan is usually a failed plan, as people unfamiliar with DR processes will tend to create confusion in the case of a real disaster.

Digital Cabinet performs regular reviews on DR processes, and tests our recovery procedures to make certain that restore processes work, and data integrity is maintained. We run regular integrity checks on all backup data.
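An added example (not Digital Cabinet's tooling) of the kind of integrity check referred to here: a SHA-256 manifest taken when the backup set is written, protected with an HMAC whose key is assumed to live with the DR tooling rather than on the backup host, and verified later to surface modified, missing and unexpected files. The backup set is constructed in a temporary directory, and the key is a placeholder:

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict

# Assumed: the MAC key is held by the DR tooling, not on the backup host, so
# whoever can rewrite the backup cannot also rewrite its manifest.
MANIFEST_KEY = b"constructed-example-key-not-a-real-secret"


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so multi-gigabyte dumps need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_mac(manifest: Dict[str, str], key: bytes = MANIFEST_KEY) -> str:
    """HMAC-SHA256 over the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_backup(root: Path, manifest: Dict[str, str], mac: str,
                  key: bytes = MANIFEST_KEY) -> Dict[str, object]:
    """Compare a backup set against its signed manifest and report discrepancies."""
    manifest_ok = hmac.compare_digest(manifest_mac(manifest, key), mac)
    current = build_manifest(root)
    report: Dict[str, object] = {
        "manifest_ok": manifest_ok,
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }
    report["ok"] = manifest_ok and not (
        report["modified"] or report["missing"] or report["unexpected"])
    return report


def run_demo() -> Dict[str, Dict[str, object]]:
    """Constructed backup set: snapshot it, verify, then tamper and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup-2016-03-14"
        (root / "db").mkdir(parents=True)
        (root / "db" / "customers.sql").write_bytes(b"-- constructed sample dump\n")
        (root / "documents.tar").write_bytes(b"\x00" * 4096)
        manifest = build_manifest(root)
        mac = manifest_mac(manifest)
        clean = verify_backup(root, manifest, mac)
        # Simulate silent corruption, a lost file and an unexpected addition.
        (root / "db" / "customers.sql").write_bytes(b"-- corrupted\n")
        (root / "documents.tar").unlink()
        (root / "stray.bin").write_bytes(b"\x01")
        tampered = verify_backup(root, manifest, mac)
        # An attacker who edits the manifest without the key is caught too.
        forged = {**manifest, "stray.bin": sha256_file(root / "stray.bin")}
        forged_report = verify_backup(root, forged, mac)
    return {"clean": clean, "tampered": tampered, "forged_manifest": forged_report}
```

A hash manifest alone only detects accidental corruption; the MAC is what makes the check meaningful against a tamperer who can reach the backup host, and the verification must run from a host that the backup process cannot write to. A restore test remains necessary on top of this, since an intact backup of a broken dump still verifies.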

A full Disaster Recovery mock scenario is simulated on a quarterly basis. This allows us to realistically test our processes and keeps our staff up to date with the latest procedures. Any production changes or procedural updates are reflected in our documentation, as well as in staff training sessions.

Monitoring

When dealing with a Disaster Recovery situation, having effective monitoring tools in place allows for faster response times and more accurate measurement of the scope of failure.

Digital Cabinet runs comprehensive automated monitoring tools on all our environments, and in the event of a failure, key personnel are notified and can begin the relevant DR procedures. Such tools also help us to identify and mitigate potential vulnerabilities and risk.

Once Disaster Recovery procedures begin, the situation must also be monitored continuously in order to reach a resolution as quickly as possible. Restoration of important resources relies on careful monitoring of the DR process, as well as monitoring of the failed services to determine whether a return to normal operation is possible.


COMPLIANCE

Compliance can be defined as the awareness and adherence to obligations (e.g. corporate social responsibility, applicable laws, ethical guidelines), including the assessment and prioritization of corrective actions deemed necessary and appropriate.

Information technology is increasingly subject to a plethora of policies and regulations. All stakeholders expect organizations to proactively comply with regulatory guidelines and requirements across multiple jurisdictions. IT governance is a necessity to deliver against these requirements and all organizations need a strategy to deliver.

In some environments, particularly those that are highly regulated, reporting requirements get even more attention than compliance itself. In the best circumstances, compliance is not an inhibitor of organizational effectiveness, but a complement to internally determined policies.

Digital Cabinet is fully compliant with all applicable United States laws, regulations and guidelines for digital document storage. For more information on the compliance programs of the underlying AWS infrastructure please visit: https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/ Under the AWS shared responsibility model those attestations cover the infrastructure layer; controls within the application itself, such as those described in the Application Security section, remain Digital Cabinet's responsibility.

Further compliance details fall outside the scope of this document.


GOVERNANCE AND RISK MANAGEMENT

Governance typically refers to a set of responsibilities and practices exercised by management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that an enterprise's resources are used responsibly.

Cloud Computing has brought about a shift in how organizations view governance and risk management. There are inherent risks involved in cloud computing, and the aim of our Cloud Architecture is to mitigate these risks without sacrificing the very agility that we are seeking with Cloud Computing in the first place.

Digital Cabinet employs numerous strategies to mitigate the risks inherent in our architecture. Further details regarding our governance and risk management strategies fall outside the scope of this document.


CONCLUSION

Digital Cabinet has designed its Cloud Architecture using proven methodologies, and industry best-practices. We employ numerous developers, engineers and technicians with a vast wealth of experience in managing complex infrastructures.

Our infrastructure allows us to proactively scale our solutions to meet anticipated demand, and to improve our testability and automation as we grow. Our Disaster Recovery processes ensure low-cost business continuity for our customers.

By focusing on good Cloud Architecture and best practices (e.g. designing for failure, implementing elasticity, integrating security into all aspects of our application architecture) we can understand the design considerations necessary for building highly scalable cloud applications, and provide our customers with the added value necessary to enhance their own business.
