Trust

CoffeeBean Technology is committed to offering the best service to our clients, especially with regard to security and performance. We strive to offer a security infrastructure that delivers efficiency and scalability and follows security standards to protect all the data collected. Learn more about each topic in the side menu:

Infrastructure

Security

The CoffeeBean Identity and Access Platform follows the industry’s best security practices, providing security for the systems and application layers, while Amazon AWS, our Infrastructure-as-a-Service (IaaS) provider, provides security for the network and data center layers. Our platform also uses services managed by AWS, which provide security capabilities that enable us to create end-to-end security environments, whether for data in motion or data at rest.

Availability

The infrastructure of our platform is based on Amazon AWS services, whose Service Level Agreement commitment is 99.95% for services such as EC2 and RDS. The availability recorded for our application in 2016 was 99.99%.

Scalability and Redundancy

CoffeeBean’s platform is built to be scalable and fault tolerant, using Amazon AWS services such as Elastic Load Balancing (ELB), Route 53 and Auto Scaling. With Auto Scaling, the application scales automatically according to user demand. Our application is replicated across different availability zones in the same Amazon region, so that if one zone is unavailable, the system continues to perform normally using the other one. In addition, we keep replicas of the application and databases in different Amazon regions as a disaster recovery plan.

Storage Zones

  • North America: United States (N. Virginia)
  • Europe: Germany (Frankfurt)
  • South America: Brazil (São Paulo)

Data Security

Data in Motion

CoffeeBean uses secure connections (SSL/TLS) on all endpoints, providing private and trusted communication between users and our services and protecting their data against common attacks such as man-in-the-middle. The certificate uses an RSA 2048-bit key, generated and certified annually by Go Daddy Secure Certificate Authority. Our endpoints were submitted to SSL security tests using analysis tools from Qualys and achieved a level A classification, which is the best one.

Data at Rest

Each customer has its own environment, where all captured data is stored and isolated from other customers’ data. Access to the platform dashboard is also protected with authentication layers for each customer. The customer database is encrypted at rest using the AES-256 algorithm, which covers the main storage, backups and snapshots. SSL is also used to encrypt all connections to the databases, protecting data in motion when it is accessed. Sensitive data managed by the platform is transmitted and stored using additional encryption algorithms. Passwords are hashed so that they cannot be recovered; they can only be compared with user input.

Security Audit

CoffeeBean systems and applications are periodically submitted to penetration testing, vulnerability scans and intrusion detection tests. These tests provide feedback for continuous security improvement by proactively detecting and fixing the latest vulnerabilities and threats found by the security industry.

Security Standards

The CoffeeBean Identity and Access Platform is fully compliant with the OAuth 1.0 and OAuth 2.0 standards, which are widely used by social networks to provide social login. Our platform also provides OAuth 2.0 APIs to enable secure integrations with client-side applications, such as mobile and front-end ones. It is also compliant with the PCI Data Security Standard (PCI DSS). Settings such as repeated access attempts, user lockout duration and repeated password usage can be configured to increase the user access security level. By using the infrastructure and standard services of Amazon AWS, the platform also benefits from several security advantages that are automatically managed by Amazon, including security standards such as ISO 27001, ISO 27017, FIPS 140-2 and PCI DSS Level 1, among others. More details about AWS security, certifications and accreditations can be found in this link.

Backups

CoffeeBean performs daily and monthly backups of all its data. Backup data is encrypted in the same way as data at rest, using the AES-256 algorithm. For storage, it uses the Amazon S3 and Amazon Glacier services.

Compliance

PCI DSS

The platform is compliant with the PCI Data Security Standard (PCI DSS). Settings such as repeated access attempts, user lockout duration and repeated password usage can be configured to increase the user access security level.

Social Network Privacy Policies

The CoffeeBean platform complies with all the social network privacy policies that protect customers’ data and their rights. When a user logs in with their Facebook account, we capture their data and build their Customer Identity. If the user changes any information on their Facebook profile, this data is automatically updated in their Customer Identity in the database, so that the data is always up to date and follows the social network privacy policy.

Cloud Compliance

Our entire infrastructure and data are hosted on the Amazon Web Services (AWS) cloud service platform. AWS is compliant with the most important certifications and regulations to guarantee security and protection in the cloud. Among the certifications are ISO 27001, ISO 27018 and C5 (Germany). For more information about the other compliances visit this link.

Complete CSA STAR Self-Assessment

Cloud Security Alliance (CSA) STAR is the industry’s most powerful program for security on the cloud, promoting the use of best practices to help ensure secure cloud computing environments. The CoffeeBean platform is in compliance with CSA-published best practices. Contact us to see the results of the CSA STAR Self-Assessment.
