Leveraging AWS Security at xOverTime

Protecting the confidentiality, integrity, and availability of our customers’ data is incredibly important to the team at xOverTime, as is maintaining customer trust and confidence. xOverTime Cloud is certified for compliance with some of the most rigorous, industry-accepted security, privacy, and reliability standards and regulations including ISO 27002.  Over a series of technical blogs, we’ll share how we are solving some of the challenges in securing sensitive enterprise data in the cloud for our customers and how xOverTime Platform leverages Amazon’s security infrastructure and internally built open source application security frameworks to bring you the best in cloud data security.

xOverTime can run on various Cloud platforms including Amazon Web Services (AWS), Rackspace, Google Compute, Microsoft Azure and on-premise data centers.  From the AWS perspective, Amazon provides a security framework for a successful and secure Cloud deployment. xOverTime takes responsibility for securing the application, data and system resources. A great primer to gain a quick understanding of Cloud security and data privacy is the guidelines on security and privacy published by National Institute of Standards and Technology and the Overview of the Security Processes published by Amazon.

xOverTime platform enforces some of the most stringent data security provisioning standards required for SaaS products.  We are right up there with the other leaders in this space.  This leadership begins with the application architecture that provisions for total segregation of customer-centric data, token key based authentication, configurable authorization policies and finally the most important of all, data encryption in motion and rest. We employ agile development with security as top priority in every phase of the development process including the design, coding, testing and rollout phase. We are working on security all of the time, currently we are reviewing OWASP 2.0 framework and recommendations, security never stops.

For the xOverTime instances at AWS, data is stored in the block or object level. Where data is frequently updated (as in the database server for one or system drive for an AWS instance), EBS (Elastic Block Storage) volumes present the best and most durable form of elastic storage. What needs to be understood is that the actual data resides on virtual partitions/disks that tie back to the physical devices stored and maintained within AWS data centers. There are several benefits to using an EBS volume, here are my top 3:

  • Data resident on the EBS volumes persist independently of the EC2 (Amazon Elastic Cloud Compute) instances and can be attached to any instance dynamically.
  • Automatic Snapshots in S3 for Backups and Redundancy. Selecting EBS provides the ability to create Amazon S3 snapshots for backups and replication to multiple global sites (availability zones) for redundancy.
  • EBS volumes allow for storage level encryption. This feature allows for the most simplified form of encryption 256-bit Advanced Encryption Standard algorithms (AES-256) and an Amazon-managed key infrastructure.

To ensure consistent performance at the storage level, xOverTime leverages the Provisioned IOPS version of the EBS to ensure minimal latency.

In our next blog, we will review the Data Encryption topics including Data at Rest and in Motion. The key takeaway is to think of data security in the Cloud to be a multiple orders of magnitude more complex than securing in the enterprise. That said, Cloud pioneers like Amazon has invested heavily and abstracted it to a level of simplicity for easier configuration and maintenance.  At xOverTime we are bringing to you the security and simplicity in a platform that makes collaborating and sharing of Microsoft Excel content a better experience for your enterprise.

Share This Post: