Oren's Prism Software: Is my ESG data secure?

Veeramuthu M

2nd October 2022

Our commitment to data security is a priority.

Our present technology infrastructure consists of Amazon Web Services (AWS) architecture and the Celigo integration platform. In line with our policies, we are highly committed to protecting our customers' data, and we therefore never sell or use client information for promotional purposes.

We've adopted a system that is trusted by many of our clients.

The security of today's cloud infrastructure is superior to that of the majority of on-premises infrastructure in the past. Shifting infrastructure management and security measures to our AWS cloud provider enables our team to focus on developing best-in-class ESG solutions for our customers and assisting them in staying ahead of the reporting curve.

Since day one, we have been committed to working with a cloud provider that offers rigorous security features and mechanisms to safeguard Oren's and our customers' applications and data. Both the application architecture layer and the integration layer of Prism run on AWS cloud infrastructure.

Amazon Web Services (AWS) incorporates multiple levels of encryption to secure customer data and applications.

Listed below are some of the security measures provided by AWS to Prism:

Infrastructure Security:

AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. The AWS infrastructure is designed and managed in alignment with best security practices and standards. Below are some of the assurance programs with which AWS complies:

  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

The Prism application is deployed in an EC2 instance. Prism uses AWS-published API calls to access Amazon EC2 through the network. Since an EC2 instance lives inside a VPC (Virtual Private Cloud), the security we use leverages both the VPC and EC2 security features.

Virtual Firewall Protection

A security group acts as a virtual firewall for the EC2 instances where Prism is hosted, controlling incoming and outgoing traffic. We have assigned multiple security groups to our EC2 instance and specified exclusive rules for each security group so that only specific types of traffic are allowed. The network ACL is a second security filter that works in conjunction with the security group to allow or restrict connections to the EC2 instance. We also use TLS to communicate with AWS resources.
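
To make concrete how the two filters combine, here is an added example (not Oren's or AWS's code) that models a network ACL and a security group in Python and evaluates constructed sample packets against them. The rule sets, addresses and ports are assumptions chosen for illustration; the evaluation semantics follow AWS's documented behaviour: the network ACL is stateless and evaluated in ascending rule-number order with an implicit final deny, while the security group is stateful and allow-only, so a packet must be allowed by both layers to reach the instance.

```python
"""Model of how an AWS network ACL and a security group combine to decide
whether inbound traffic reaches an EC2 instance.

Added illustration, not Oren's or AWS's code.  The rule sets, addresses and
ports below are constructed samples.  Semantics modelled:
  - network ACL: stateless, evaluated in ascending rule-number order, the
    first match decides, and the implicit final rule denies everything else;
  - security group: stateful and allow-only, a packet is admitted if any rule
    matches and dropped otherwise (there are no deny rules).
A packet must be allowed by the subnet's NACL *and* the instance's security
group to be admitted.
"""
import ipaddress

ANY_PORT = (0, 65535)

# Constructed subnet NACL: (rule number, action, protocol, port range, source CIDR)
NACL_RULES = [
    (100, "deny",  "tcp", ANY_PORT,   "192.0.2.0/24"),  # explicitly blocked range
    (200, "allow", "tcp", (443, 443), "0.0.0.0/0"),     # HTTPS from anywhere
    (300, "allow", "tcp", (22, 22),   "10.0.0.0/8"),    # SSH from the private network only
]

# Constructed instance security group: (protocol, port range, source CIDR), allow-only
SG_RULES = [
    ("tcp", (443, 443), "0.0.0.0/0"),
    ("tcp", (22, 22),   "10.0.0.0/8"),
]


def packet(src, port, proto="tcp"):
    """Build a minimal inbound packet description."""
    return {"src": src, "port": port, "proto": proto}


def _matches(proto, port_range, cidr, pkt):
    lo, hi = port_range
    return (pkt["proto"] == proto
            and lo <= pkt["port"] <= hi
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(cidr))


def nacl_decision(pkt, rules=NACL_RULES):
    """First matching rule in ascending number order wins; default is deny."""
    for _, action, proto, ports, cidr in sorted(rules):
        if _matches(proto, ports, cidr, pkt):
            return action
    return "deny"


def sg_decision(pkt, rules=SG_RULES):
    """Allow-only: admitted if any rule matches, dropped otherwise."""
    return "allow" if any(_matches(p, r, c, pkt) for p, r, c in rules) else "deny"


def admitted(pkt):
    """Traffic is admitted only if both layers allow it."""
    return nacl_decision(pkt) == "allow" and sg_decision(pkt) == "allow"


if __name__ == "__main__":
    for p in (packet("203.0.113.5", 443), packet("192.0.2.10", 443),
              packet("10.1.2.3", 22), packet("203.0.113.5", 22),
              packet("10.1.2.3", 8080)):
        print(p["src"], p["port"], "admitted" if admitted(p) else "dropped")
```

The second sample packet is the instructive one: the security group would allow HTTPS from 192.0.2.10, but the network ACL's explicit deny for that range is evaluated first and wins, which is exactly the "work in conjunction" relationship the paragraph describes.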

 

Monitoring and Alerting Mechanism

Our EC2 instances are monitored using Amazon CloudWatch. We have also enabled an Application Load Balancer (ALB) to route traffic and pass on only well-formed web requests, which helps detect and protect our application from common attacks such as DDoS.

Data Protection With Encryption

Prism uses MongoDB Atlas databases deployed on AWS. By default, Atlas encrypts all data stored in our Atlas database, and Atlas inherits the security features of the underlying AWS infrastructure.

Storage

Based on the IAM setup, AWS S3 applies multiple checkpoints to restrict access to buckets, access points, and objects in S3. MongoDB Atlas uses Transport Layer Security (TLS) to encrypt data in transit.

Authentication and Authorization:

Since most client-side (front-end) assets are public, securing user and application data on the server side is vital. Prism uses JWT-based authentication together with role-based authorization and user-management mechanisms.

  • Authentication: Only authenticated users can read or write database data. A suitable authentication policy has been implemented to keep out unauthorized users.
  • Authorization: Only authorized users can access the different application resources, based on their roles and privileges.

Access to the integration layer is protected by a username and password, while the backend API is protected by bearer tokens and requires SSL connections to connect to the web tier and the application.
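
As an added illustration of the model described above (a bearer token carrying the user's role, verified by the server before any resource is returned), here is a standard-library-only Python implementation of HS256 JWT issuance, verification and role-based authorization. It is not Prism's code; the signing key, role model, permission names and users are constructed assumptions.

```python
"""HS256 JWT issue/verify with role-based authorization, standard library only.

Added illustration of the scheme described above (JWT-based authentication,
role-based authorization); not Prism's code.  The signing key, roles,
permissions and users are constructed samples.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key-replace-with-a-real-secret"  # placeholder key
TOKEN_TTL = 900  # seconds; every token is time-bound

# Constructed role model: role -> permissions it grants
PERMISSIONS = {
    "admin":   {"report:read", "report:write", "user:manage"},
    "analyst": {"report:read", "report:write"},
    "viewer":  {"report:read"},
}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj):
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def issue_token(subject, role, now=None):
    """Issue a signed token carrying the user's role and an expiry."""
    now = int(time.time()) if now is None else now
    signing_input = (_encode_json({"alg": "HS256", "typ": "JWT"}) + "."
                     + _encode_json({"sub": subject, "role": role,
                                     "iat": now, "exp": now + TOKEN_TTL}))
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # reject 'none' and algorithm substitution
            return None
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # payload or signature was tampered with
        claims = json.loads(_b64url_decode(payload_b64))
        if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
            return None  # expired, or expiry missing
    except (ValueError, TypeError, AttributeError):
        return None  # malformed structure, bad base64 or bad JSON
    return claims


def authorize(token, permission, now=None):
    """Authenticate the bearer, then check that its role grants the permission."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    return permission in PERMISSIONS.get(claims.get("role"), set())


if __name__ == "__main__":
    tok = issue_token("alice", "analyst")
    print("report:write ->", authorize(tok, "report:write"))
    print("user:manage  ->", authorize(tok, "user:manage"))
```

Two design points matter on the server side: the algorithm in the header is pinned before the signature is checked, so a client cannot downgrade to `none`, and the signature is compared with `hmac.compare_digest` to avoid timing leaks. Authorization is then a pure lookup on the verified role claim, never on anything the client sent unsigned.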

 

The backend server is hosted in a secured AWS environment with restricted internet access. The backend server runs in a local (private) environment and accepts incoming requests only from whitelisted IP addresses.

Oren's Security Practices:

Prism has been developed using best-of-breed technology frameworks and secure software development practices. Below are some of the best practices Oren's development team has followed to ensure security is at the core of the product:

  • AWS CloudWatch monitoring and alerting have been configured, and DoS attacks are mitigated by load-balancing excess traffic.
  • Notification alerts identify request spikes, restrict traffic automatically, and monitor resource use.
  • Scope-based API keys are configured to prevent forged requests.
  • Prism's sign-in endpoint has a strict quota to prevent brute-force attacks.
  • Only a limited number of team members are allowed to access production data, based on predefined IAM roles and policies.
  • The Prism ESG platform provides distinct environments for production, testing, and staging.
  • Security threats and compliance are reviewed every quarter.
  • We have a practice of not keeping unnecessary ports open on the instances.
  • End users are always given time-bound authorization, so that nobody can misuse the resources.
  • IAM users and their policies are audited and reviewed frequently.
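
The sign-in quota in the list above is the practice most readers will want to see in code, so here is an added example (not Prism's code) of a sliding-window quota keyed both per account and per source IP, which throttles password guessing against one account as well as credential stuffing from one address. The limits, the key scheme and the sample attempts are constructed assumptions.

```python
"""Sliding-window quota for a sign-in endpoint.

Added illustration of the "strict quota on the sign-in endpoint" practice;
not Prism's code.  Limits, keys and sample attempts are constructed.  Only
failed attempts are counted; a successful sign-in clears the account counter.
Both the account and the source IP are limited, so an attacker cannot bypass
the account lockout by rotating usernames from one address, nor bypass the
IP limit by spreading one account's guesses over many addresses.
"""
from collections import defaultdict, deque


class SignInQuota:
    def __init__(self, max_attempts=5, window_seconds=300):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures

    @staticmethod
    def _keys(username, ip):
        # Usernames are compared case-insensitively so "Alice" and "alice" share a counter.
        return (("user", username.lower()), ("ip", ip))

    def _recent(self, key, now):
        """Drop failures older than the window and return what remains."""
        q = self._failures[key]
        while q and q[0] <= now - self.window:
            q.popleft()
        return q

    def check(self, username, ip, now):
        """True if a sign-in attempt may proceed for this account and address."""
        return all(len(self._recent(k, now)) < self.max_attempts
                   for k in self._keys(username, ip))

    def record_failure(self, username, ip, now):
        """Count a failed attempt against both the account and the address."""
        for k in self._keys(username, ip):
            self._failures[k].append(now)

    def record_success(self, username):
        """A correct password clears the account's counter (the IP counter stays)."""
        self._failures.pop(("user", username.lower()), None)


def simulate(quota, attempts):
    """Replay constructed (username, ip, now, password_ok) attempts.

    Returns one outcome per attempt: 'ok', 'wrong-password' or 'throttled'.
    """
    outcomes = []
    for username, ip, now, password_ok in attempts:
        if not quota.check(username, ip, now):
            outcomes.append("throttled")
        elif password_ok:
            quota.record_success(username)
            outcomes.append("ok")
        else:
            quota.record_failure(username, ip, now)
            outcomes.append("wrong-password")
    return outcomes


if __name__ == "__main__":
    q = SignInQuota(max_attempts=3, window_seconds=60)
    print(simulate(q, [("alice", "203.0.113.9", t, False) for t in range(5)]))
```

Note that a throttled attempt is rejected before the password is checked at all, which keeps the endpoint's response time and error message identical for locked accounts and so avoids leaking which accounts exist.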

 

A secure cloud-based ESG software means the organization can confidently manage data in the software, generate sustainability reports, and analyze the data without fear of data loss and security breaches. Having the right and secure ESG data management helps the organization succeed in its sustainability management program and initiatives.

Oren's Prism Software provides industry-leading software for a range of ESG and sustainability data reporting and analytics requirements. To secure your ESG data management with Prism Software and to learn more about the Prism ESG Platform, please contact our team to schedule a short demo.