CoffeeBean Technology is committed to offering the best service to our clients, especially with regard to security and performance. We strive to offer a security infrastructure that delivers efficiency and scalability while following security standards, so that all the data collected is protected. Learn more about each topic in the sections below:
Infrastructure
Security
The CoffeeBean Identity and Access Platform follows the industry's best security practices, providing security for the systems and application layers, while Amazon AWS, our Infrastructure-as-a-Service (IaaS) provider, provides security for the network and data center layers. Our platform also uses services managed by AWS, which provide security capabilities that enable us to build end-to-end secure environments, whether for data in motion or data at rest.
Availability
The infrastructure of our platform is based on Amazon AWS services, whose Service Level Agreement commitment is 99.95% for services such as EC2 and RDS. The availability recorded for our application in 2016 was 99.99%.
Scalability and Redundancy
CoffeeBean's platform is built to be scalable and fault tolerant, using Amazon AWS services such as Elastic Load Balancing (ELB), Route 53 and Auto Scaling. With Auto Scaling, the application scales automatically according to user demand. Our application is replicated across different availability zones in the same Amazon region, so that if one zone is unavailable, the system continues to operate normally using the others. In addition, we keep replicas of the application and databases in different Amazon regions as a disaster recovery plan.
Storage Zones
- North America: United States (N. Virginia)
- Europe: Germany (Frankfurt)
- South America: Brazil (São Paulo)
Data Security
Data in Motion
CoffeeBean applies secure connections (SSL/TLS) to all endpoints, providing private and authenticated communication between users and our services and their data, and preventing common attacks such as man-in-the-middle. The certificate uses an RSA 2048-bit key, generated and certified annually by the Go Daddy Secure Certificate Authority. Our endpoints were submitted to SSL security tests with Qualys analysis tools and achieved an A rating, which is the best classification.
Data at Rest
Each customer has its own environment, where all the data captured is stored in isolation from other customers' data. Access to the platform dashboard is also protected with per-customer authentication layers. The customer database is encrypted at rest using the AES-256 algorithm, covering the main storage, backups and snapshots. SSL is also used to encrypt all connections to the databases, protecting data in motion on the way to storage. Sensitive data managed by the platform is transmitted and stored using additional encryption algorithms. Passwords are hashed in a way that cannot be recovered; they can only be compared against user input.
Security Audit
CoffeeBean systems and applications are periodically submitted to penetration testing, vulnerability scans and intrusion detection tests. This provides feedback for continuous security improvement, by proactively detecting and fixing the latest vulnerabilities and threats identified by the security industry.
Security Standards
The CoffeeBean Identity and Access Platform is fully compliant with the OAuth 1.0 and OAuth 2.0 standards, which are widely used by social networks to provide social login. Our platform also provides OAuth 2.0 APIs to enable secure integrations with client-side applications, such as mobile and front-end ones. It is also compliant with the PCI Data Security Standard (PCI DSS). Settings such as the number of repeated access attempts, the user lockout duration and repeated password usage can be configured to raise the user access security level. By using the infrastructure and standard services of Amazon AWS, the platform also benefits from several security advantages that are managed automatically by Amazon, including security standards such as ISO 27001, ISO 27017, FIPS 140-2 and PCI DSS Level 1. More details about AWS security, certifications and accreditations can be found at this link.
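The two controls mentioned on this page, non-recoverable password hashing (Data at Rest) and the configurable repeated-attempt limit, lockout duration and password-reuse rule (this section), fit together in one small piece of logic. The Python below is an added example written for this page; it is not CoffeeBean's code and does not describe how the platform implements these settings. The policy defaults, the scrypt parameters, and the `Account` and `LoginPolicy` names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Assumed policy defaults: the page says these settings are configurable
# but does not state the platform's values.
MAX_FAILED_ATTEMPTS = 5        # repeated access attempts before lockout
LOCKOUT_SECONDS = 15 * 60      # user lockout duration
PASSWORD_HISTORY = 5           # retired passwords that may not be reused

# Assumed scrypt parameters (N, r, p) and salt/digest sizes for this example.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN, DIGEST_LEN = 16, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || scrypt(password). The stored value is one-way: it can be
    re-derived from a candidate password and compared, but not reversed."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DIGEST_LEN)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DIGEST_LEN)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    current: bytes                                      # salt || digest of the active password
    history: List[bytes] = field(default_factory=list)  # retired hashes, newest first
    failed_attempts: int = 0
    locked_until: float = 0.0                           # clock timestamp; 0 = not locked


class LoginPolicy:
    """Enforces the attempt limit, lockout duration and password-reuse rule."""

    def __init__(self, max_attempts: int = MAX_FAILED_ATTEMPTS,
                 lockout_seconds: float = LOCKOUT_SECONDS,
                 history_size: int = PASSWORD_HISTORY,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.history_size = history_size
        self.clock = clock  # injectable so the lockout window can be tested offline

    def login(self, account: Account, password: str) -> str:
        """Return "ok", "denied" or "locked". A correct password is still
        rejected while the lockout is in force, so guessing cannot continue
        past the attempt limit."""
        now = self.clock()
        if now < account.locked_until:
            return "locked"
        if verify_password(password, account.current):
            account.failed_attempts = 0      # a successful login resets the counter
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= self.max_attempts:
            account.locked_until = now + self.lockout_seconds
            account.failed_attempts = 0      # the counter restarts once the lockout expires
            return "locked"
        return "denied"

    def change_password(self, account: Account, new_password: str) -> bool:
        """Reject a new password equal to the current one or to any of the
        last `history_size` retired passwords (the repeated-password rule)."""
        for old in [account.current] + account.history:
            if verify_password(new_password, old):
                return False
        account.history = ([account.current] + account.history)[: self.history_size]
        account.current = hash_password(new_password)
        return True


if __name__ == "__main__":
    # Constructed walk-through: three wrong guesses lock the account for 60 s.
    t = [0.0]
    policy = LoginPolicy(max_attempts=3, lockout_seconds=60, history_size=2,
                         clock=lambda: t[0])
    acct = Account(current=hash_password("correct horse"))
    for guess in ("wrong", "wrong", "wrong", "correct horse"):
        print(guess, "->", policy.login(acct, guess))
    t[0] = 61.0
    print("after lockout ->", policy.login(acct, "correct horse"))
```

Two design points worth noting: the stored value holds only the salt and the scrypt digest, so a database dump cannot yield the password, and the reuse check has to re-hash the candidate against each retired hash because the hashes themselves are not comparable to one another. The lockout also refuses a correct password until the window has elapsed, which is what makes the attempt limit effective against online guessing.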
Backups
CoffeeBean performs daily and monthly backups of all its data. Backup data is encrypted in the same way as data at rest, using the AES-256 algorithm. For storage, it uses the Amazon S3 and Amazon Glacier services.
Compliance
PCI DSS
The platform is compliant with the PCI Data Security Standard (PCI DSS). Settings such as the number of repeated access attempts, the user lockout duration and repeated password usage can be configured to raise the user access security level.
Social Network Privacy Policies
The CoffeeBean platform complies with all the social network privacy policies that protect customers' data and their rights. When a user logs in with their Facebook account, we capture their data and build their Customer Identity. If the user changes any information in their Facebook profile, the change is automatically applied to their Customer Identity in the database, so that the data is always up to date and follows the social network's privacy policy.
Cloud Compliance
Our entire infrastructure and data are hosted on the Amazon Web Services (AWS) cloud platform. AWS complies with the most important certifications and regulations for security and protection in the cloud, including ISO 27001, ISO 27018 and C5 (Germany). For more information about its other compliance programs, visit this link.
Complete CSA STAR Self-Assessment
Cloud Security Alliance (CSA) STAR is the industry's most powerful program for cloud security, promoting the use of best practices to help ensure secure cloud computing environments. The CoffeeBean platform complies with CSA-published best practices. Contact us to see the results of the CSA STAR Self-Assessment.