Objective
Security is one of the most important aspects of the system, especially for a multi-tenant application like Redsky. This document lists the security controls that are implemented in Redsky.
Organizational Security
We have an Information Security Management System (ISMS) in place which takes into account our security objectives and the risks and mitigations concerning all the interested parties. We employ strict policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.
Employee background checks
Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.
Security awareness
Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. We provide training on specific aspects of security that they may require based on their roles.
We educate our employees continually on information security, privacy, and compliance in our internal community where our employees check in regularly, to keep them updated regarding the security practices of the organization. We also host internal events to raise awareness and drive innovation in security and privacy.
Internal audit and compliance
We have a dedicated compliance team to review procedures and policies to align them with standards, and to determine what controls, processes, and systems are needed to meet the standards. This team also does periodic internal audits and facilitates independent audits and assessments by third parties.
Endpoint security
All workstations issued to employees run up-to-date OS versions and are configured with anti-virus software. They are configured to comply with our security standards, which require all workstations to be properly configured, patched, and tracked and monitored by our endpoint management solutions. These workstations are secure by default: they are configured to encrypt data at rest, require strong passwords, and lock when idle. Mobile devices used for business purposes are enrolled in the mobile device management system to ensure they meet our security standards.
Physical Security
At workplace
We control access to our resources (buildings, infrastructure and facilities), where access includes consumption, entry, and utilization. We provide employees, contractors, vendors, and visitors with different access cards that only allow access strictly specific to the purpose of their entry into the premises. The Human Resources (HR) team establishes and maintains the purposes specific to each role. We maintain access logs to spot and address anomalies.
Monitoring
We monitor all entry and exit movements throughout our premises in all our business centers through CCTV cameras deployed according to local regulations. Back-up footage is available up to a certain period, depending on the requirements for that location.
Infrastructure and Server Security
Redsky infrastructure
The Redsky system is deployed on AWS cloud. The architecture consists of load balanced application servers with complete failover support using Auto-Scaling Group. The database is hosted within RDS (AWS Managed Service) with High Availability implementation using a Primary and a Secondary instance.
All server instances are monitored using AWS CloudWatch, which provides up to the minute information on server health and generates proactive alerts.
Vulnerability and Penetration Tests are conducted periodically.
The System and Organization Controls 3 Report on the Amazon Web Services System Relevant to Security, Availability, and Confidentiality can be found at the following URL:
https://d1.awsstatic.com/whitepapers/compliance/AWS_SOC3.pdf
Network security
Our network security and monitoring techniques are designed to provide multiple layers of protection and defence. We use firewalls to prevent our network from unauthorized access and undesirable traffic. Our systems are segmented into separate networks to protect sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting our production infrastructure.
Firewalls are configured to restrict access to only the required ports from designated sources. Public access is limited to the webservers over encrypted connections using TLS 1.2 protocol while all other access to the production infrastructure is protected within a Virtual Private Cloud (VPC) to restrict direct access.
We monitor firewall access with a strict, regular schedule. All changes are reviewed as required or at the least every three months to update and revise the rules. All crucial parameters are continuously monitored using tools and notifications are triggered in any instance of abnormal or suspicious activities in our production environment.
DDoS prevention
We use technologies from well-established and trustworthy service providers to prevent DDoS attacks on our servers. These technologies offer multiple DDoS mitigation capabilities to prevent disruptions caused by bad traffic, while allowing good traffic through. This keeps our websites, applications, and APIs highly available and performing.
Server hardening
All servers provisioned for development and testing activities are hardened (by disabling unused ports and accounts, removing default passwords, etc.). The base Operating System (OS) image has server hardening built into it, and this OS image is provisioned in the servers, to ensure consistency across servers.
Intrusion detection and prevention
Our intrusion detection mechanism takes note of host-based signals on individual devices and network-based signals from monitoring points within our servers. Administrative access, use of privileged commands, and system calls on all servers in our production network are logged.
Roles and access
Infrastructure access is managed through AWS IAM service using Multi Factor Authentication. Appropriate IAM roles have been created for the system administrators and regular users to manage and monitor the infrastructure as required. All system administrators have limited access for day-to-day operations to prevent inadvertent root changes.
Application Security
Managing users
User management is limited to System Administrators, who are authorized to create users, disable users (when employees leave the company), assign roles and privileges, etc. Each user has Configuration Settings, Access Rights, Roles and Permissions that restrict the information they can reach.
Access type and security limits
Redsky has a unique design that allows different types of users to access the same shipment data but via use of security filters which are restricted to relevant views and edit capabilities. There are currently five portals; the table below provides a summary of what access limits are in place.
| Portal | Purpose and Access Limits |
| --- | --- |
| User Company | The portal provides access to the information required by the internal users of the Clients, like Move Managers, Billing, Warehouse Managers, Sales, etc. All data are separated using logical controls and filters to limit access to information belonging to the Client to its own users only, based on roles and permissions granted by the Client. |
| Customer | The portal provides access to the information required by individual customers of the Clients and allows them to interact with the Clients. The Customer Portal users belong to the Client and can only see the information linked to the Client. |
| Account | The portal provides access to the information required by corporate customers of the Clients and allows them to interact with the Clients. The Account Portal users belong to the Client and can only see the information linked to the Client. |
| Partner | The portal provides limited access to the information required by service providers of the Clients, like Insurance Companies, Customs Agents, etc., and allows them to interact with the Clients. The Partner Portal users belong to the Client and can only see the information linked to the Client. |
| Agent | The portal provides limited access to the information required by Relocation Agents. The Agent users are managed and verified by Redsky. However, they are only granted access by the Client to information linked to the Client. |
Since the Redsky application is shared by multiple companies, all transaction and reference tables are structured to allow records of one company to be restricted to its Internal Users only. External Users are limited to the records they have been granted access to by the Client to which they belong. An Agent Portal User will only be able to see all records where they are assigned as a booking agent, destination agent and/or origin agent role.
To implement this, users are assigned data-filters which can be based on combinations of various control elements, e.g., billing code, agent code, job-types, etc.
Roles
All users can be assigned roles dependent on the function and Information they need access to. There are predefined standard roles like Coordinators, Salesperson, Finance, etc. and some custom roles created for special situations. A System Administrator needs to authorize access and roles to be granted.
- Roles generally provide access to Menus, Tabs and Sections. A Section is a grouping within a page (Tab), e.g. address details may be placed in a section of the customer file, while a Menu is a collection of Tabs.
- For Roles with common menu access or conflicts, the system works off a superset of privileges with the highest access prevailing.
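As an added illustration (not Redsky's own code; the records, portal names and role definitions below are constructed), the following Python shows how the tenant boundary, the agent-portal rule and the assigned data filters described above combine, and how the "highest access prevails" rule merges privileges across roles:

```python
from dataclasses import dataclass, field

# Constructed sample shipment records (not real Redsky data). Every record belongs
# to exactly one client company and names the agent holding each agent role on it.
SHIPMENTS = [
    {"id": "S1", "company": "acme", "billing_code": "B1", "job_type": "import",
     "booking_agent": "AG-7", "origin_agent": "AG-2", "destination_agent": "AG-9"},
    {"id": "S2", "company": "acme", "billing_code": "B2", "job_type": "export",
     "booking_agent": "AG-3", "origin_agent": "AG-7", "destination_agent": "AG-4"},
    {"id": "S3", "company": "globex", "billing_code": "B1", "job_type": "import",
     "booking_agent": "AG-7", "origin_agent": "AG-1", "destination_agent": "AG-1"},
    {"id": "S4", "company": "acme", "billing_code": "B1", "job_type": "storage",
     "booking_agent": "AG-5", "origin_agent": "AG-5", "destination_agent": "AG-5"},
]

AGENT_ROLE_FIELDS = ("booking_agent", "origin_agent", "destination_agent")


@dataclass
class User:
    name: str
    companies: frozenset   # clients that granted this user access (exactly one, except for agents)
    portal: str            # "user_company", "customer", "account", "partner" or "agent"
    agent_code: str = ""   # only meaningful for agent-portal users
    data_filter: dict = field(default_factory=dict)  # field -> allowed values, e.g. {"billing_code": {"B1"}}


def visible_shipments(user, shipments):
    """Return the ids this user may see: tenant boundary first, then the
    portal rule, then every assigned data filter."""
    ids = []
    for s in shipments:
        # Tenant isolation: a record is only reachable through the client that owns it.
        if s["company"] not in user.companies:
            continue
        # Agent portal: only records on which this agent holds one of the agent roles.
        if user.portal == "agent" and not any(s[f] == user.agent_code for f in AGENT_ROLE_FIELDS):
            continue
        # Data filters (billing code, job type, ...): all configured filters must match.
        if any(s.get(k) not in allowed for k, allowed in user.data_filter.items()):
            continue
        ids.append(s["id"])
    return ids


# Access level per menu/tab/section, ordered edit > view > none.
LEVEL = {"none": 0, "view": 1, "edit": 2}
ROLES = {  # constructed example roles, not Redsky's actual role definitions
    "coordinator": {"shipments/details": "edit", "shipments/address": "view"},
    "finance": {"shipments/details": "view", "billing/invoices": "edit"},
}


def effective_access(role_names):
    """Superset of the roles' privileges; on a conflict the highest level prevails."""
    effective = {}
    for role in role_names:
        for section, level in ROLES[role].items():
            if LEVEL[level] > LEVEL[effective.get(section, "none")]:
                effective[section] = level
    return effective
```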
Field level security
We have implemented access control at the field level for specific fields, which allows a client to assign permissions to Roles that restrict viewing or editing of the field. We also offer audit-trail features which provide a history of the changes made to the field value, along with who modified it and when. This audit watch list is configurable by the company administration based on its requirements.
Passwords
The passwords are fully encrypted, so when users forget their password, only the users themselves can reset it, after generating a time-limited verification PIN sent to their registered email address.
- Old passwords cannot be retrieved.
- The new users are assigned a password that is forced to be changed on the first successful login.
- We can implement a company-specific password mask, e.g. minimum and maximum length, character requirements, etc.
- The minimum password length for Corporate users is configurable for each company and can vary from 8 to 15.
Password expiry
All users have a company default password expiry period, after which access is automatically blocked unless the user changes their password. The period limit can differ for internal and external users. The current system default is 6 months for internal users and 3 months for external users.
Maximum invalid Account login attempts
There is a restriction on the number of attempts one can make while logging into Redsky. The maximum number of invalid login attempts allowed is configurable for each company.
Inactivity time-out
There is an application-wide inactivity time-out, set by default to 60 minutes for all users. Users are automatically logged off once the time limit is exceeded.
Multi-Factor Authentication (MFA)
RedSky has implemented Multi-Factor Authentication (MFA) for CorpID users to enhance security. MFA requires users to provide two or more verification factors to gain access to a resource, adding an additional layer of protection beyond just a username and password. With MFA, you will be required to provide two verification factors—something you know (password) and something you have (a device that generates an MFA code)—before accessing your RedSky account.
MFA adds a critical layer of defense against phishing attacks and credential theft, ensuring that compromised passwords alone are insufficient for unauthorized access.
Access logging
We log the login and logout attempts of users along with the IP address. We have a switch to enable internal user access login if a company desires but do not recommend this. We also maintain an Elastic Load Balancer (ELB) access log which keeps track of all accesses to the application URLs.
Security reports
Redsky provides System Administrators of our customers several reports to monitor access of their users. Reports cover roles assignments, successful and unsuccessful login logs, and activity audit trails of their users.
Data Security
Secure by design
Every change and new feature is governed by a change management policy to ensure all application changes are authorised before implementation into production. Our Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines, as well as screening of code changes for potential security issues with our code analyser tools, vulnerability scanners, and manual review processes.
Our security framework, based on OWASP standards and implemented in the application layer, provides functionality to mitigate threats such as SQL injection, cross-site scripting and application-layer DoS attacks.
Data isolation
Our framework distributes and maintains the cloud space for our customers. Each customer's service data is logically separated from other customers' data using a set of secure protocols in the framework. This ensures that no customer's service data becomes accessible to another customer.
Encryption
All customer data transmitted to and from our servers over public networks is protected using strong encryption protocols. We mandate all connections to our servers use Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, for all connections including web access, API access and IMAP/POP/SMTP email client access. This ensures a secure connection by allowing the authentication of both parties involved in the connection, and by encrypting data to be transferred.
Data retention and disposal
We hold the data in the customer account as long as the customer chooses to use Redsky's services. Once the customer terminates their contract, their data will get deleted from the active database and file storage. The data deleted from the active database will be deleted from backups after 3 months.
A verified and authorized vendor carries out the disposal of unusable devices. Until such time, we categorize and store them in a secure location. Any information contained inside the devices is formatted before disposal. We degauss failed hard drives and then physically destroy them using a shredder. We crypto-erase and shred failed Solid State Devices (SSDs).
Administrative access
We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimize the risk of data exposure. We log all the operations on data and audit them periodically.
Operational Security
Logging and monitoring
We use AWS CloudTrail service that enables governance, compliance, operational auditing, and risk auditing of our AWS account. With CloudTrail, we log, continuously monitor, and retain account activity related to actions across our infrastructure. CloudTrail provides event history of account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, we use CloudTrail to detect unusual activity in our AWS accounts.
In addition, we also monitor and analyse information gathered from services, network traffic, and usage of devices and terminals.
Vulnerability management
We have a vulnerability management process that actively scans for security threats using certified third-party scanning tools with automated and manual penetration testing efforts.
Once we identify a vulnerability requiring remediation, it is logged, prioritized according to the severity, and assigned to an owner. We further identify the associated risks and track the vulnerability until it is closed by either patching the vulnerable systems or applying relevant controls.
Malware and spam protection
We scan all user files using our automated scanning system that’s designed to stop malware from being spread through Redsky's ecosystem. Our anti-malware engine receives regular updates from external threat intelligence sources and scans files against blacklisted signatures and malicious patterns.
Redsky uses an SPF record so that email messages sent from our servers are authenticated and not flagged as spam.
Incident Management
Reporting
We have a dedicated incident management team. We notify the customers of the incidents in our environment that apply to them, along with suitable actions that they may need to take. We track and close the incidents with appropriate corrective actions. Whenever applicable, we will identify, collect, acquire, and provide our customers with necessary evidence in the form of application and audit logs regarding incidents that apply to them. Furthermore, we implement controls to prevent recurrence of similar situations.
For general incidents, we will notify all users through email. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address of the Organisation administrator registered with us).
Disaster Recovery Plan
Plan overview
The plan aims to minimize the disruption caused by a disaster to the infrastructure hosting Redsky’s software services.
Plan objectives
The primary objective of this disaster recovery plan is to ensure the continued operation of identified business critical systems in the event of a disaster.
The goal of the plan is to be operational with our services at the production or standby infrastructure within 4 hours (RTO).
Database backup & restore policy
1. Backup
Full backups are performed on the Redsky database as below:
| # | Process | RPO |
| --- | --- | --- |
| 1 | Full DB Backup | Daily |
| 2 | Mirroring with the secondary replica | < 1 minute |
| 3 | EFS/File Cabinet Backups | Daily |
| 4 | Retention of backup files | 3 months |
| 5 | Mode of retention of backup files | AWS Storage |
2. Restore
The data backup is restored and tested once every month to check the backup data against the production site and to maintain Business Continuity preparedness.
Code management
All code is maintained using a Source Code Management (SCM) system, Apache Subversion (SVN). SCM best practices like branching, merging and tagging are followed to ensure that we have complete control of code releases and versions.
| # | Policy | Process |
| --- | --- | --- |
| 1 | Code branching, merging and tagging | A branch is created for every release and named according to the Redsky SCM naming standard. A tag is maintained for every release to enable recovery of code from a point in time. |
| 2 | Code backup | The code backup is done once a day. |
| 3 | Code deployment | Code is deployed on the staging server with every release into production, ensuring that the latest version is deployed in staging. |
Standard emergency procedures
| # | Incident | Process |
| --- | --- | --- |
| 1 | Database server crash | The application will be connected to the secondary replica if the primary database crashes, until the primary database has been restored using the latest backup. |
| 2 | Application server crash | If any server becomes unhealthy in the cluster, the ASG automatically triggers creation of a new server from a stored image to ensure a quick failover. A root cause analysis is performed using the logs stored in CloudWatch to come up with a permanent solution. |
| 3 | Damage to file cabinet data | Restore the file cabinet data from the daily backup of the Elastic File System (EFS) on AWS. |
Privacy Policy
The Privacy Policy covers our collection, use and disclosure of information we collect through our website www.redskymobility.com and service platform located at https://www.skyrelo.com/redsky.
The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged Redsky Mobility Solutions, LLC and its User Companies.
RedSky complies with the EU-US Data Privacy Framework (EU-US DPF) and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce. Redsky is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Data Privacy Framework, to the Framework’s applicable Principles.
GDPR Compliance
Redsky has laid down external and internal privacy policies to fully adhere to the EU-privacy laws as laid down in the General Data Protection Regulation (hereon: GDPR).
Redsky processes the received personal data to enable the use of our services by our customers and their end users. The use of our services can be divided into several goals or 'purposes', and every purpose can be connected to a lawful ground in terms of the GDPR.
With the advent of the General Data Protection Regulation (GDPR), our end users have been granted various rights with regard to the processing of their personal data. In short, these amount to:
• right to access (right to find out what Redsky Mobility knows about them)
• right to removal (right to be forgotten by Redsky Mobility)
• rectification/supplement (the right to correct their data at Redsky Mobility)
• right to restriction of processing
• and the right to object to data processing
If an end user invokes one or more of the above rights, we have an obligation to comply with such requests.
Data anonymization
To further comply with GDPR, Redsky provides our customers the ability to enable a data anonymization service on the production environment for all personally identifiable information (Name, Address, Email, Phone) associated with their account, based on conditions such as Status, Updated On date, Created On date, etc., as instructed by them.
The personally identifiable information on other environments, such as development and staging, is always anonymized by default.
Note: The anonymized records are still available. However, the personal data will not be identifiable due to the anonymization.
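The following Python is an added example (not Redsky's anonymization service; the records, conditions and placeholder formats are constructed) showing the behaviour described above: on production only records matching the client's conditions are anonymized, on any other environment every record is, and in both cases the records themselves survive with their PII replaced by unrecoverable placeholders:

```python
import hashlib
from datetime import date

PII_FIELDS = ("name", "address", "email", "phone")

# Constructed sample customer records for one client account (not real data).
RECORDS = [
    {"id": 1, "status": "Closed", "updated_on": date(2022, 3, 1), "name": "Jane Roe",
     "address": "1 Example St", "email": "jane@example.com", "phone": "+1 555 0100"},
    {"id": 2, "status": "Active", "updated_on": date(2024, 6, 1), "name": "John Doe",
     "address": "2 Example St", "email": "john@example.com", "phone": "+1 555 0101"},
    {"id": 3, "status": "Closed", "updated_on": date(2024, 6, 1), "name": "Ann Poe",
     "address": "3 Example St", "email": "ann@example.com", "phone": "+1 555 0102"},
]


def anonymize_record(rec, salt):
    """Return a copy of rec with every PII field replaced. The token is derived from a
    secret salt and the record id so it is stable within one run but cannot be mapped
    back to the person; discarding the salt afterwards makes the mapping unrecoverable."""
    token = hashlib.sha256(f"{salt}:{rec['id']}".encode()).hexdigest()[:12]
    out = dict(rec)
    out["name"] = f"Anonymized {token}"
    out["address"] = "REDACTED"
    out["email"] = f"anon-{token}@anon.invalid"  # reserved TLD: never deliverable
    out["phone"] = ""
    return out


def matches_conditions(rec, statuses=None, updated_before=None):
    """Client-instructed conditions: any condition left as None is not applied."""
    if statuses is not None and rec["status"] not in statuses:
        return False
    if updated_before is not None and rec["updated_on"] >= updated_before:
        return False
    return True


def anonymize_dataset(records, environment, salt="constructed-salt", **conditions):
    """Production: anonymize only matching records. Development, staging and any
    other non-production copy: anonymize everything, regardless of conditions.
    The input list is not mutated; the number of records and their ids are kept."""
    if environment != "production":
        return [anonymize_record(r, salt) for r in records]
    return [anonymize_record(r, salt) if matches_conditions(r, **conditions) else r
            for r in records]


def is_anonymized(rec):
    return rec["address"] == "REDACTED" and rec["email"].endswith("@anon.invalid")
```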
Integrity of Personal Data
Redsky maintains its systems in accordance with the most recent industry standards to reasonably secure personal data against unauthorized access, accidental or intentional manipulation, and loss, both during transmission and once it is received.
Redsky makes use of secured HTTPS connections using the SSL/TLS 1.2 protocol to maintain the security of our website(s) and App.
We keep personal data on secure off-site databases with professional third parties managing the integrity of our production environment. Our infrastructure is protected against unauthorized access using the AWS IAM service with Multi Factor Authentication enabled.
Redsky has trained employees to understand the responsibility they have when they access personal data. Access to personal data is restricted to only those individuals who need to know it to fulfil their job responsibilities within Redsky. Redsky maintains a log-in and log-out policy for access with administrator privileges to our Application and Database.
Cookie Policy
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. We use cookies on this Platform. However, we do not link the information we store in cookies to any personal information the user submits while on our Platform.
We use both session ID cookies and persistent cookies. We use session cookies to make it easier for the user to navigate our Platform. A session ID cookie expires when the user closes their browser. A persistent cookie remains on the user's hard drive for an extended period of time. The user can remove persistent cookies by following the directions provided in their Internet browser's "help" documentation.
Data Breach Protocol
If there is a data breach, the following protocols are initiated:
- Immediately after an employee discovers that there may be unlawful processing of or access to personal data within Redsky Mobility Solutions LLC., he or she shall notify the Incident Management Team.
- The Incident Management Team decides whether there is a (possible) data breach or vulnerability. Based on the nature of the breach and applicable laws, Redsky will notify law enforcement, other affected businesses, and affected individuals.
- The Incident Management Team will conduct an audit, secure all systems and fix vulnerabilities that may have caused the breach.
- Redsky will identify a data forensics team and, if needed, hire independent forensic investigators to help determine the source and scope of the breach.