=============
Data Security
=============
Gilytics is aware that our customers use sensitive information, and we
take all possible measures to guarantee that all data is secure in our
cloud infrastructure.

Gilytics has been certified in the ISO 9001 (Quality Management) and ISO 27001 (Information Security) standards.

.. image:: ./images/ISO.png
   :align: center
   :width: 60%

This document describes the flow of information in the Pathfinder
application and how data is protected throughout the system.

Overview
--------
Pathfinder is a **cloud application**, a model which has many advantages
for customers:

- The application can be used remotely from any computer
- There is no need to install and manage local software or databases
- There is also no need to update to use new features, which are
  automatically available
- Automatic access to the latest fixes and improvements
- It’s easy to manage projects in an organization with multiple
  concurrent users
- A single version of the application makes it easier to get fast and
  precise technical support

The **data flow** in Pathfinder is the following:

- Users provide their unique credentials (name and password) to
  authenticate and receive the authorization to access the system
  according to their company membership and role.
- Users upload geodata to our cloud server from the Pathfinder Web
  application, using an encrypted data transmission protocol.
- Data is stored in the highly secure and protected cloud storage.
- Data is processed to be displayed in the Map and 3D views and
  analyzed to find optimal paths and locations.
- Users download the analysis results and reports from the cloud, again
  using an encrypted transmission protocol.
- Users remove the project data whenever they wish, and all data and
  traces are removed from the cloud.

.. image:: ./images/dataFlow.jpg
   :align: center
   :width: 90%

Let’s examine each of these steps to understand how the data is
protected:

Pathfinder Authentication
-------------------------
The first step to guarantee security is to check that the user is who
he/she claims to be. This is done with an authentication protocol.
Pathfinder uses its Django REST authenticator
component to check the (encrypted) user credentials (name and password)
and create a unique *token* or key that can be used to secure the
communication during the work session.

For more secure access control, Pathfinder supports Two Factor Authentication,
which can be activated by each user.

Work sessions are closed automatically after an inactivity period, preventing unwanted access.

Companies that wish to use their own authentication method can do so by using our support for Single Sign On.

Pathfinder Authorization
------------------------
Your company's Pathfinder administrator manages the list of users and
their permissions. Only messages from previously authenticated users,
carrying the right token, are accepted by the Pathfinder server. No
operation is possible on the server, including listing projects and
layers, accessing data, or processing it, if the administrator has not
provided authorization
to the user or the user has not authenticated (logged in).

Administrators can restrict access to projects for specific users by enabling this
option in the admin page.

Encrypted Data Transmission
---------------------------
Authenticated and authorized users can proceed to upload or download
data. During the uploading and downloading processes, data is divided into
packets and encoded in binary form, but these packets could
potentially be inspected by external systems. To prevent this, modern
Web applications use the HTTPS protocol
(instead of the old plain HTTP protocol). When you connect to
Pathfinder, you will see (if you copy the Web address from your Web
browser) that it starts with the “https” keyword.

This protocol uses Transport Layer Security, so
the data transmitted is encrypted with a secret key that only the user’s
Web browser knows for each session. The cloud server provides this
cryptographic key before the data is transmitted.

Cloud Data Storage Security
---------------------------
What about access to the server’s storage system? Today’s cloud storage
systems have features and best practices which protect data and
applications better than standard corporate data centers, so your data
is probably safer in our cloud provider, Amazon Web Services, than on
your office computer.

Configuration and Spatial Data are stored in the AWS RDS database system, and temporary files for
data visualization are stored in Amazon S3, but all this information is only accessible through
the secured HTTPS REST API.

Pathfinder uses cloud database encryption
to keep data protected even if physical access to the database were to occur.

Protection from External Threats
--------------------------------
Pathfinder protects its servers using AWS GuardDuty for threat detection.

In addition, continuous automated vulnerability testing is performed to detect potential weaknesses in third-party components and in our own.

AWS Infrastructure
------------------
Amazon Web Services considers security its first priority and
provides many technologies and practices to ensure it, from data
privacy controls to data center physical safety, and is
compliant with security standards and protocols.

All the Pathfinder infrastructure and data are currently located in the AWS eu-west-1 region (Ireland).

.. include:: footer.rst