At myairops we build security into everything we do. No extra charges, no hidden extras, just part of our core cloud native product offerings for the aviation industry.
Cloud platform providers, such as Microsoft, invest significantly in cyber security, and this is why we have chosen such an advanced platform on which to base our products. Of course it is still possible to build insecure applications no matter how secure your foundations, and this blog post sets out an overview of the security architecture used within our solutions. For information relating to security within the Microsoft Azure platform, please refer to these helpful resources.
Microsoft invests over $1bn per year on cyber security. Read about it here.
Security overview
Area | Threat | Approach |
---|---|---|
Web Application | Distributed Denial of Service (DDoS) and Denial of Service (DoS) attack (ref) | Our solutions are cloud native SaaS applications that run within the web browser. To ensure the availability of our applications we utilise a DDoS protection mechanism to drop and filter traffic that could make our applications unavailable by saturating the communications to them. See the following information from CloudFlare that defines the types of attacks that can take place. |
Web Application | Botnet detection (ref) | As with DDoS attacks (which are often carried out by botnets), it is also desirable to block and filter traffic coming from known malicious IP addresses. Our solutions actively filter traffic to our applications that is known to originate from botnets. |
Application development life-cycle | Code development weaknesses | No matter how advanced the protective barriers and foundations that are put in place, it is still possible to make software engineering mistakes. Our testing and code review processes, in addition to the development tools used within the development process, mitigate this risk. However, to provide confidence to our customers we use a third party organisation to independently security test our applications. We only use CREST approved organisations and make the summary report available to our customers through our trust centre, which is part of our help portal. For information relating to CREST please visit their website. |
Web Application and Data Layer | OWASP top 10 (ref) | We utilise Web Application Firewall (WAF) technology to mitigate threats such as those catalogued in the OWASP Top 10. |
Data Layer | Database vulnerabilities | We enable Advanced Data Security on our database and run frequent automated SQL vulnerability assessments against our data. |
Data Layer | Corruption or accidental deletion | Our solutions utilise Point In Time Recovery (PITR) backups to ensure your data is backed up at least every 10 minutes. This means we can achieve a Recovery Point Objective (RPO) of 10 minutes, which is the most data you should ever lose. Our standard solution keeps your data backups for a rolling 35 day period. |
Data Layer | Sensitive data (such as PII) | Column level encryption is employed at the data layer to provide additional in memory protection for sensitive data. |
Network Communication Layer | Data interception | We utilise Secure Sockets Layer (SSL) encryption standards on all access to our products. |
Hardware | Data leakage/breach (ref) | As with all solutions, data is eventually written to hardware. As hardware fails or is replaced there is a risk that data is unintentionally leaked through poor hardware management. To address this our solutions use strong database encryption at rest, making sure data is never stored without encryption. Encryption keys are stored within Azure Key Vault. This is further augmented by Microsoft’s own secure data destruction policy, which meets the NIST 800-88 standard. For more information on this and the physical security measures used within Microsoft Azure data centres please refer here and to the Microsoft Azure Trust Center. |
Authentication | Unauthorised Access | We support integration with authentication services such as Office 365 and fully support multi-factor authentication within such services. In addition we also support local password login should an external authentication service be unavailable, ensuring you can always gain access to our system. Only provisioned users within our system will be granted access. Strong password complexity can be enforced alongside password refresh policies. Support for other external authentication services, such as those provided by Google, is also planned. Our solutions employ a Single Sign-on (SSO) solution to avoid unnecessary re-authentication. |
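The backup row above states two figures, a 10 minute backup interval and a rolling 35 day retention window, and the worst-case data loss (the RPO) follows from the first one. The following Python is an added illustration, not code from myairops or from Azure: it models a fixed backup grid (the assumption that backups land on 10 minute boundaries from midnight is constructed for the example) and shows how a recovery engineer can bound the loss for a given failure time and check whether a requested restore point is still inside the retention window.

```python
from datetime import datetime, timedelta

# Figures taken from the page: a backup at least every 10 minutes, kept for a rolling 35 days.
BACKUP_INTERVAL = timedelta(minutes=10)
RETENTION = timedelta(days=35)


def latest_backup_before(t: datetime, interval: timedelta = BACKUP_INTERVAL) -> datetime:
    """Most recent backup point at or before t.

    Constructed assumption: backups fall on a fixed grid anchored at midnight,
    so the restore point is t rounded down to the nearest interval boundary.
    """
    day_start = t.replace(hour=0, minute=0, second=0, microsecond=0)
    steps = (t - day_start) // interval  # whole intervals elapsed since midnight
    return day_start + steps * interval


def worst_case_loss(t: datetime, interval: timedelta = BACKUP_INTERVAL) -> timedelta:
    """Data written after the last backup and before the failure at t is lost.

    This is always strictly less than the backup interval, which is why the
    page quotes the interval (10 minutes) as the Recovery Point Objective.
    """
    return t - latest_backup_before(t, interval)


def meets_rpo(t: datetime, rpo: timedelta = BACKUP_INTERVAL) -> bool:
    """True when a failure at t would lose no more than the stated RPO."""
    return worst_case_loss(t) <= rpo


def restore_point_available(requested: datetime, now: datetime,
                            retention: timedelta = RETENTION) -> bool:
    """True when the requested point in time lies inside the rolling retention
    window (not older than `retention` and not in the future)."""
    return now - retention <= requested <= now


if __name__ == "__main__":
    # Constructed sample failure time and restore requests.
    failure = datetime(2024, 3, 1, 14, 37, 20)
    print("restore point:", latest_backup_before(failure))   # 2024-03-01 14:30:00
    print("loss:", worst_case_loss(failure))                 # 0:07:20
    now = datetime(2024, 3, 1, 15, 0, 0)
    print("34 days ago ok:", restore_point_available(now - timedelta(days=34), now))  # True
    print("36 days ago ok:", restore_point_available(now - timedelta(days=36), now))  # False
```

The useful point for anyone reviewing a backup claim is that an RPO is the upper bound on loss, not the typical loss: `worst_case_loss` approaches the interval only when a failure lands just before the next scheduled backup.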
If you want to find out more about our security architecture and how our solutions can fit your aviation business get in touch here.