ProofPilot leverages the highly scalable and secure AWS cloud infrastructure to host our production level data. AWS is trusted by security-sensitive organizations diverse as the CIA, PayPal, Bristol-Myers Squibb and AirBnB.
Asset Management and Ownership
ProofPilot takes the same approach to provisioning cloud infrastructure as it does for product functionality. Does the infrastructure improve security, maintain or improve accessibility, while ensuring the privacy and confidentiality of all data on the platform?
Once provisioned, tools are classified as either those having direct sensitive data access or those that do not. All cloud infrastructure is managed by our systems administrator with approvals and support for major changes by Roman Senchuk as per our operating procedures.
Our cloud security standards are based on limiting, to the greatest extent possible, direct access to infrastructure, networks, and data. Only two people have the authority to push new code to production. Direct access to our product database is limited to those same two people. All access to our production environment requires CEO approval, strong multi-factor authentication and access via authorized private networks.
Defense in Depth
All ProofPilot production environments, where customer data and customer-facing applications sit is segregated from all non-production networks (including development and testing servers) via firewalls, operational procedures, and thousands of miles of geography.
ProofPilot logs all actions on our network. We use automated and manual checks to identify any deviation from our technical standards and raise issues quickly when inappropriate changes occur.