Gilytics is aware that our customers use sensitive information, and we take all possible measures to guarantee that all data is secure in our cloud infrastructure.
Gilytics has been certified in the ISO 9001 (Quality Management) and ISO 27001 (Information Security) standards.
This document describes the flow of information in the Pathfinder application and how data is protected throughout the system.
Pathfinder is a cloud application, a model which has many advantages for customers:
The application can be used remotely from any computer
There is no need to install and manage local software or databases
Also, no need to update to use new features, which are automatically available
Automatic access to latest fixes and improvements
It’s easy to manage projects in an organization with multiple concurrent users
A single version of the application makes easier to get fast and precise technical support
The data flow in Pathfinder is the following:
Users provide their unique credentials (name and password) to authenticate and receive the authorization to access the system according to their company membership and role.
Users upload geodata to our cloud server from the Pathfinder Web application, using an encrypted data transmission protocol.
Data is stored in the highly secure and protected cloud storage.
Data is processed to be displayed in the Map and 3D views and analyzed to find optimal paths and locations.
User downloads the analysis results and reports from the cloud, again using an encrypted transmission protocol.
User removes the project data when he/she wishes, and all data and trace is removed from the cloud.
Let’s examine each of these steps to understand how the data is protected:
The first step to guarantee security is to check that the user is who he/she claims to be. This is done with an authentication protocol. Pathfinder uses its Django REST authenticator component to check the (encrypted) user credentials (name and password) and create a unique token or key that can be used to secure the communication during the work session.
For more secure access control, Pathfinder supports Two Factor Authentication which can be activated by each user.
Work sessions are closed automatically after an inactivity period, preventing unwanted access.
Companies who wish to use their own authentication method can do so by using our support for Single Sign On.
Encrypted Data Transmission¶
Authenticated and authorized users can proceed to upload or download data. During the uploading and downloading processes, data is divided in packets and codified in a binary form, but these packets could potentially be inspected by external systems. To prevent this, modern Web applications use the HTTPS protocol (instead of the old plain HTTP protocol). When you connect to Pathfinder, you will see (if you copy the Web address in your Web browser) that it starts with the “https” keyword.
This protocol uses Transport Layer Security, so the data transmitted is encrypted with a secret key that only the user’s Web browser knows for each session. The cloud server provides this cryptographic key before the data is transmitted.
Cloud Data Storage Security¶
What about access to the server’s storage system? Today’s cloud storage systems have features and best practices which protect data and applications better than standard corporate data centers, so probably your data is safer in our cloud provider, Amazon Web Services, than in your office computer.
Configuration and Spatial Data are stored in AWS RDS database system, and temporary files for data visualization are stored in Amazon S3, but all this information is only accessible through the secured HTTPS REST API.
Pathfinder uses cloud database encryption to keep data protected even if a physical access to the database would occur.
Protection from External Threats¶
Pathfinder protects its servers using AWS GuardDuty for threat detection.
In addition, continuous automated vulnerability testing is performed to detect potential weaknesses in third party and own components.
Amazon Web Services considers security as its first priority and provides many technologies and practices to ensure it, from data privacy controls to data center physical safety, being compliant with security standards and protocols.
All the Pathfinder infrastructure and data is currently located in the AWS eu-west-1 region (Ireland).
Disclaimer: the scenarios depicted in this manual do not represent actual customer projects or infrastructure proposals, and are presented for demonstration purposes only.