Cubed Mobile management understand how important the security and privacy of your data is. We are committed to providing our customers with a highly secure and reliable environment. We have therefore adopted security measures, that covers all aspects of Cubed Mobile’s systems.
The security measures are based on international protocols, standards and industry best practices, such as ISO/IEC 27001, the standard for information security management systems (ISMS) and ISO/IEC 27018, Security techniques – Code of practice for protection of personally identifiable information in public clouds.
As part of the company’s focus on security issues, the company’s security team performs on a regular basis:
Cubed Mobile values the importance of handling sensitive data. We therefore practice robust cyber security posture from the grounds up, making sure appropriate security procedures are properly addressed based on the guidelines set in NIST800-171 of the U.S. and GDPR in E.U. Our systems are hosted on Amazon AWS infrastructure. They’ve devoted an entire portion of their site to explaining their security measures, which you can find in the following links:
https://aws.amazon.com/compliance
https://aws.amazon.com/security
No one other than our team can access the contact data of clients, and only if it is necessary to solve client-related issues.
Customer data is stored only in the production environment. Our team only have approval to access limited user data in order to solve client requests, issues or bugs. All logs of SSH connections to our production environment are saved and archived. Much of the information in your account is encrypted and delivered on a per-user-access controlled basis.
We know the data you save, use and share in Cubed Mobile is private and confidential. The operation of Cubed Mobile wouldn’t be possible without a few members having access to our databases in order to optimize performance and storage. This team is prohibited from using these permissions or simply cannot view customer data without explicit, written permission from the user. We have strict controls over our employees’ access to internal data and we are committed to ensuring that your data is never seen by anyone who should not see it.
Any new feature or code that will be implemented into our system starts with an in-depth analysis of security and privacy risks. All code is saved into a git version control repository and evaluated in a test environment before deploying it into our production environment. All code is reviewed by at least one more developer to ensure code quality.
Security controls at Amazon data centers are based on standard technologies and follow the industry’s best security practices. The physical security controls are constructed in such a way as to eliminate the effect of single points of failure and retain the resilience of the computing center.
A variety of environmental controls are implemented at the data center facilities.
Firewalls: Applications in the hosting and cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.
DDoS mitigation: All application access, including direct application access and API access, are protected by a dedicated DDoS mitigation service to ensure high availability at all times, as well as prevent attacks and malicious activities.
Cubed Mobile ensures the security and privacy of user information by encrypting data on all servers at rest and in transit.
Our systems are designed to ensure data is protected at all times. Specifically, we’re restricting sessions with dynamic tokens of 384bit signatures, we’re using TLS v1.2 with strong ciphers to protect data in transit, and AES-256 to encrypt data at rest. Passwords are encrypted or hashed and salted with a modern hash function.
Cubed Mobile’s cloud-based solution is deployed using Amazon Web Services (AWS), enabling us to guarantee high security through utilizing a series of high tech, best in the industry solutions that work to ensure the safety of all user data on the AWS network.
Cubed Mobile monitors its servers to retain and analyze a comprehensive view of the security state of its production infrastructure. Cubed Mobile collects and stores production servers’ logs for analysis. Logs are stored and indexed in a separate network, using dynamic Format Preserving Data Masking and without any sensitive information.
We consistently backup the data of our customers. Backups are encrypted and distributed to various locations, where they are retained for some period of time.
To handle security incidents effectively, Cubed Mobile has constructed incident response and notification procedures. Cubed Mobile employs an Incident Handling team that responds to security incidents and mitigates risks. The team uses monitoring and tracking tools and performs real-time analysis.
Additionally, the team has clear procedures in place for communicating the incidents to any involved party and for handling escalations. Every incident is forwarded to the security team leader for assessment and analysis. The level of severity is a measure of its impact on, or threat to, the operation or integrity of the institution and its information. It determines the priority for handling the incident, who manages the incident, and the timing and extent of the response.
Cubed Mobile realizes that the malicious activities of an insider could have an impact on the confidentiality, integrity, and availability of all types of data. User permissions are continuously updated and adjusted so when a user’s job no longer involves infrastructure management, the user’s console access rights are immediately revoked.
In order to help ensure that Cubed Mobile employees are aligned with the security practices and aware of their duties, Cubed Mobile conducts information security awareness campaigns. In addition, the security obligations of users and the entity’s security commitments to users are communicated on an annual basis through the company policy.
Our engineering and operation teams keep their skills up to date regarding security best practices. We have coded many different online systems and are experienced in infrastructure security and systems security.
Copyright © Cubed Mobile 2018. All Rights Reserved.