Data Security

Gilytics is aware that our customers use sensitive information, and we take all possible measures to guarantee that all data is secure in our cloud infrastructure.

Gilytics has been certified in the ISO 9001 (Quality Management) and ISO 27001 (Information Security) standards.


This document describes the flow of information in the Pathfinder application and how data is protected throughout the system.

Overview

Pathfinder is a cloud application, a model which has many advantages for customers:

  • The application can be used remotely from any computer

  • There is no need to install and manage local software or databases

  • There is no need to update to use new features, which become available automatically

  • Automatic access to the latest fixes and improvements

  • It’s easy to manage projects in an organization with multiple concurrent users

  • A single version of the application makes it easier to get fast and precise technical support

The data flow in Pathfinder is the following:

  • Users provide their unique credentials (name and password) to authenticate and receive the authorization to access the system according to their company membership and role.

  • Users upload geodata to our cloud server from the Pathfinder Web application, using an encrypted data transmission protocol.

  • Data is stored in highly secure, protected cloud storage.

  • Data is processed to be displayed in the Map and 3D views and analyzed to find optimal paths and locations.

  • Users download the analysis results and reports from the cloud, again using an encrypted transmission protocol.

  • Users remove the project data whenever they wish, and all data and traces are removed from the cloud.


Let’s examine each of these steps to understand how the data is protected:

Pathfinder Authentication

The first step to guarantee security is to check that the user is who he/she claims to be. This is done with an authentication protocol. Pathfinder uses its Django REST authenticator component to check the (encrypted) user credentials (name and password) and create a unique token or key that can be used to secure the communication during the work session.

For more secure access control, Pathfinder supports Two Factor Authentication which can be activated by each user.

Work sessions are closed automatically after an inactivity period, preventing unwanted access.

Companies who wish to use their own authentication method can do so by using our support for Single Sign On.

Pathfinder Authorization

Your company’s Pathfinder administrator manages the list of users and their permissions. Only messages from users previously authenticated, carrying the right token, are accepted by the Pathfinder server. No operation is possible in the server, including listing projects and layers, accessing data, or processing it, if the administrator has not provided authorization to the user or the user has not authenticated (logged in).

Administrators can restrict access to projects for specific users by enabling this option in the admin page.
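The authentication and authorization flow described above (credentials checked once, a session token issued, every later request checked against the token, the inactivity period and the projects the administrator has granted) can be modelled in a few lines. This is an added example using only the Python standard library, not Pathfinder's or Django REST framework's code; the class name, the 900-second timeout and the sample user and project names are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

IDLE_TIMEOUT = 900  # assumed inactivity period in seconds; the page gives no value

class SessionStore:
    """Toy model: password check -> opaque token -> per-request authorization."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}     # name -> (salt, password hash, projects granted by admin)
        self._sessions = {}  # sha256(token) -> [name, time of last request]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def add_user(self, name, password, projects):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, self._hash(password, salt), set(projects))

    def login(self, name, password):
        """Return a fresh session token, or None if the credentials are wrong."""
        dummy = (b"\0" * 16, b"\0" * 32, set())
        salt, pw_hash, _ = self._users.get(name, dummy)
        # Unknown users still run the hash, so both cases take similar time.
        if not hmac.compare_digest(self._hash(password, salt), pw_hash):
            return None
        token = secrets.token_urlsafe(32)
        # Keep only a digest, so a leaked session table yields no usable tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._sessions[digest] = [name, self._clock()]
        return token

    def authorize(self, token, project):
        """Return the user name if this request may touch `project`, else None."""
        digest = hashlib.sha256((token or "").encode()).hexdigest()
        session = self._sessions.get(digest)
        if session is None:
            return None                      # never logged in, or forged token
        name, last_seen = session
        if self._clock() - last_seen > IDLE_TIMEOUT:
            del self._sessions[digest]       # idle too long: close the session
            return None
        session[1] = self._clock()           # activity resets the idle timer
        return name if project in self._users[name][2] else None

if __name__ == "__main__":
    store = SessionStore()
    store.add_user("alice", "constructed-password", {"demo-project"})
    tok = store.login("alice", "constructed-password")
    print(store.authorize(tok, "demo-project"), store.authorize(tok, "other"))
```

Passing a fake clock to `SessionStore` makes the inactivity rule testable without waiting for real time to pass.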

Encrypted Data Transmission

Authenticated and authorized users can proceed to upload or download data. During the uploading and downloading processes, data is divided into packets and encoded in binary form, but these packets could potentially be inspected by external systems. To prevent this, modern Web applications use the HTTPS protocol (instead of the old plain HTTP protocol). When you connect to Pathfinder, you will see (if you copy the Web address in your Web browser) that it starts with “https”.

This protocol uses Transport Layer Security (TLS), so the data transmitted is encrypted with a secret key that is unique to each session and known only to the user’s Web browser and the Pathfinder server. The cloud server provides its certificate, and the key is agreed, before the data is transmitted.

Cloud Data Storage Security

What about access to the server’s storage system? Today’s cloud storage systems have features and best practices which protect data and applications better than standard corporate data centers, so your data is probably safer with our cloud provider, Amazon Web Services, than on your office computer.

Configuration and Spatial Data are stored in the AWS RDS database system, and temporary files for data visualization are stored in Amazon S3, but all this information is only accessible through the secured HTTPS REST API.

Pathfinder uses cloud database encryption to keep data protected even if physical access to the database were to occur.

Protection from External Threats

Pathfinder protects its servers using AWS GuardDuty for threat detection.

In addition, continuous automated vulnerability testing is performed to detect potential weaknesses in third-party and in-house components.

AWS Infrastructure

Amazon Web Services considers security as its first priority and provides many technologies and practices to ensure it, from data privacy controls to data center physical safety, being compliant with security standards and protocols.

All the Pathfinder infrastructure and data are currently located in the AWS eu-west-1 region (Ireland).




Disclaimer: the scenarios depicted in this manual do not represent actual customer projects or infrastructure proposals, and are presented for demonstration purposes only.

For more help, please use the help chat in the application, or contact Gilytics.