The cmpute.io platform infrastructure is managed in accordance with standard AWS security recommendations. Compute infrastructure always runs with an attached instance profile that allows limited access to perform operations. The applications are written to use the instance profile credentials, which are automatically rotated every hour. The applications do not use credentials stored in any local store; they always use the credentials available as part of the instance security store.
The cmpute.io platform infrastructure is locked down to prevent access to it from the internet. The front-end systems are accessible over a public subnet but deliver content only via CloudFront. The back-end systems are on a private subnet and can be accessed only via jump boxes. The security groups are configured to not allow traffic on any port other than HTTP. All other ports are locked down and are opened only to specific support IP addresses based on need. The internal systems communicate via private IP addresses, and internal traffic is never routed through the public internet. Data access is usually done using the TDS protocol, and the data in transit is encrypted. Most of the data currently stored at rest is encrypted, and we’re working towards full encryption support for data at rest.
All content delivered by the cmpute.io platform is served over HTTPS. The security certificates use the latest protocols offered by SSL and are configured to auto-rotate periodically.
Application teams access content that is critical to understanding the system using our internal systems or third-party systems that hold our application logs. Support teams access the infrastructure only for periodic updates to the operating system and related software. Application deployment is automated using tools and is always performed using systems outside the core infrastructure.
Privileged accounts offer access to metadata stored about customers. This information is stored in data stores that use encrypted storage. Teams that have access to privileged accounts follow industry best practices to prevent misuse or accidental loss of credentials. The cmpute.io information security team recommends two-factor authentication and periodic change of passwords to ensure that best practices related to security are followed. Even privileged teams do not have access to raw data that allows access to query customer metadata. cmpute.io teams DO NOT EVER HAVE privileges to directly access customer infrastructure hosted on the internet. Privileged teams have access to metadata about customer infrastructure, which is stored as part of managing the infrastructure, BUT DO NOT HAVE ACCESS TO THE ACTUAL INFRASTRUCTURE.