To encrypt data, we use an asymmetric encryption algorithm. In asymmetric encryption, also known as public key encryption or public key cryptography:
- the key used to encrypt messages is different to the key used to decrypt those messages;
- the key used for encryption is called the device key, it is created when the user registers his device (not account)
- the key used for decryption is called the private key, it is the user's password. Chrometa does not have access to this key but the Chrometa admin can reset it.
In practice, Chrometa uses the RSA encryption system with a key length of 2048 bits.
Data is protected while in-transit (as it uploads to Chrometa's server) using SSL.
Chrometa's physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
Chrometa utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional
For additional information see: https://aws.amazon.com/security
Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to.
Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.
Each group of users runs within its own isolated environment and cannot interact with other groups or areas of the system. This restrictive operating environment is designed to prevent security and stability issues. These self-contained environments isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections.
As an Intuit API partner, Chrometa passes every year Cigital security audit. Security specs are detailed here
Data deployed to Chrometa are automatically backed up as part of the deployment process on secure, access controlled, and redundant storage. We use these backups to automatically bring your data back online in the event of an outage.