Security Protocols and Policies
All communication with backend servers must go through HTTPS with certificates issued by a well-known certificate authority. All static web pages and API endpoints use separate single-domain certificates, so in the rare case that a domain is compromised, other domains are not affected.
Passwords are processed by a cryptographic hash function before being stored in the database. In the event of a database compromise, it is practically impossible for hackers to find out the original passwords from the leaked information.
Database Servers Security
The GoWall® database lives inside an AWS virtual private cloud (VPC) and is placed in a private-facing subnet with no direct Internet access. Database management access and backup access require a 2-step verification process. All database administrative operations are logged. Abnormal activities are reported through SMS messages and emails immediately.
2-Step Verification for Administrative Access
Administrative access to the GoWall® system is protected by a 2-step verification process. In addition to user name and password, a user needs a phone capable of receiving SMS messages to access the system.
Industry Standard Certified Infrastructure Backbone
The GoWall® system runs fully on Amazon’s AWS infrastructure, which is certified by the Department of Defense (DoD), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).
Backend API Servers Security
Backend servers live inside virtual networks (AWS virtual private clouds, or VPCs). External access is protected by carefully reviewed AWS security groups and network access control lists.
24/7 Security Scanning using 3rd-Party Tools
GoWall® runs full security scanning tests using 3rd-party tools on a regular basis. Our websites and API endpoints are monitored around the clock. Any security vulnerability is reported quickly and will be resolved with high priority.