BoltOps delivers a scalable infrastructure environment that provides control to the customer. We take the responsibility of managing the customer's infrastructure seriously, as well as maintaining their trust and confidence. The BoltOps infrastructure provides the foundation with the necessary controls for businesses to function in the AWS cloud environment and meet their security objectives. Customers can tightly and strictly control access to environments that process sensitive data. While at the same time, the architecture enables customers to deploy applications quickly.
Shared Security Responsibility Model
BoltOps makes heavy use of AWS, which practices a Shared Security model. Essentially, this means that AWS takes responsibility "of the cloud" itself and customers are responsible for what they put "in the cloud." So BoltOps and its clients have a shared responsibility for what is "in the cloud." BoltOps takes responsibility for the infrastructure resources that are provisioned and manages those resources. The client is responsible for the application code deployed.
This section covers the process that BoltOps goes through for new hires to address the human-factor concerns.
- BoltOps conducts a criminal background check, as permitted by law, as part of the employment screening process for any full-time hire.
- Employees receive onboarding training and review the security process according to their position and level of access required.
- BoltOps employees are given access to the customer's environments on an as-needed basis. Their access is removed when no longer necessary.
When BoltOps employees leave or retire, under normal conditions, they will go through an offboarding process.
- Access is revoked to external customer access immediately. This can include AWS credential access, Ssh keys, and 3rd party services like NewRelic and Sentry.
- Access is revoked to internal BoltOps services and accounts. This can include the Gmail App Suite, AWS credential access and Ssh keys.
BoltOps takes advantage of several infrastructure features to increase privacy and control network access. These include:
- A custom designed VPC network layout with segregated private subnets and public subnets.
- Standard usage of security group firewalls and network ACLs to control network traffic.
- A bastion host to provide a single point of audit and access into the network.
- An IPSec VPN connectivity option from the customer’s datacenter to AWS. This enables private or dedicated connections from on-premise environments to connect directly to the AWS infrastructure.
- An MFA SSH connection option to provide an additional layer of protection when accessing a server instance.
IAM Users and Access Control
BoltOps makes use of AWS IAM capabilities to define, enforce, and managed user access policy across AWS services. This includes:
- Individual user accounts and credentials. Each user has a unique name and set of security credentials. This removes the use of shared passwords or keys.
- A strong password policy that requires complex passwords and rotation every 90 days.
- Multifactor Authentication setup option for privileged accounts.
- IAM Role delegation to federate access and reduce the administrative overhead of managing duplicate users on multiple accounts.
- IAM Role delegation to allow access to different environments like production and staging in segregated AWS accounts.
- IAM Role usage for applications whenever possible to take advantage of automatic key rotation.
Monitoring and Logging
BoltOps provides tools that enable customers to see what is happening on their AWS environment. These include:
- CloudTrail setup that allows auditing of who, what, when API calls are made affecting AWS resources.
- CloudWatch Logging setup for centralized logging and monitoring of application requests and responses. This enables quick investigation of issues and compliance reporting.
- CloudWatch alarming to notify customers of specific events or when thresholds are exceeded.
The tools provide customers with the visibility they need to spot issues and improve the security of their environment. The logs can be retained to a period defined by the customer and can also be archived permanently on Glacier to meet compliance requirements.
BoltOps infrastructure provides the ability to secure customer’s data at rest in the AWS cloud with efficient security encryption features. This includes:
- Server side data encryption on S3 such as SSE-S3, SSE-KMS, SSE-C, depending on whether the customer is required to maintain complete control over their encryption key.
- EBS storage encryption options if required when the customer maintains sensitive data on the filesystem.
- KMS for application secrets management with sensitive data like database passwords or vendor keys.
- Glacier for archival storage with automatically encrypted data using AES-256.
Data Backup and Security
BoltOps offers a variety of backup options. This includes:
- EBS Snapshots within AWS regions. Sensitive data is not moved out of an AWS region without the approval from the customer to satisfy possible compliance requirements.
- S3 and Glacier Storage using lifecycle policies to help meet data backup requirements.
S3 is restricted by default, and only the bucket owner has access to stored data. There are multiple ways to control access to the s3 buckets:
- IAM Policies - Access can be controlled and managed with IAM policies and attached to specific users.
- Access Control Lists - ACLs - Within S3 we can create ALCs to grant read or write access to groups of users.
- Bucket Policies - Bucket policies apply at the S3 bucket level and can be used to add or deny permissions to some or all objects in the bucket.
BoltOps employees are trained to be aware of and to detect security incidents. When aware of issues, they must assist in the reporting of incidents to the customer’s security officer or an appropriate party if a security officer is not in place. Examples of security incidents can include, but are not limited to:
- Unauthorized access to customer systems.
- Abnormal system behavior - unscheduled system reboot, unexpected messages.
- Fraud, theft or damage.
Inventory and Configuration Management
BoltOps can provide several security options and tools that allow customers to ensure that their cloud resources comply with their organizational standards and best practices. This includes:
- AWS Service Catalog to promote standardization, best practices and provide control over configuration and provisioning.
- AWS Config Security Checks to ensure system components conform to business compliance rules.
- AWS Trusted Advisor Review to review costs and maintain AWS best security practices.
BoltOps uses AWS as its cloud provider. The AWS Cloud meets many regulatory standards like PCI and HIPAA, and they provide an extensive list in their AWS Certifications, Programs, Reports, and Third-Party Attestations white paper. AWS is responsible and provides compliance for the physical layer and below. Auditing for most layers and controls above the physical layer is the responsibility of the AWS customer. Ultimately, this means that there is a shared responsibility between the infrastructure stack that BoltOps provides and the customer that BoltOps supports.
We take this shared responsibility seriously and are committed to helping customers meet their compliance needs. Whether it is compliance with PCI, SOX, or HIPAA, we work directly with customers to provide the necessary support to pass these compliance requirements. The BoltOps infrastructure stack is extremely transparent, customizable and auditable. Our understanding of the infrastructure from the ground up and desire to empower our customers, puts them in a strong position to meet their compliance requirements.
Management of Infrastructure as Code
BoltOps manages the infrastructure as code. This approach provides BoltOps customers with an infrastructure which is more auditable, reproducible, and controlled.
- AWS CloudFormation templates and powerful management tools provision infrastructure and roll out changes in a controlled and repeatable manner.
- This provides a quicker audit path of the resources that are being provisioned and managed.
- Customers have additional meta data history to help trace and understand how and why the infrastructure changes over time.
Fault Tolerant Design
BoltOps provides a highly available and scalable infrastructure foundation for its customers. This includes:
- Design with at least 2 Availability Zones to ensure redundancy in the case of an AZ failure.
- Redundant VPC Network topology design so there’s no single point of failure.
- Multi-AZ Database failover setup to ensure that the data tier is highly available.
- Segregation of production and staging environments in separate AWS accounts to mitigate human errors.
Though the security of the application is predominantly determined by the application code and logic, BoltOps can assist in application security by enabling features for customers that mitigate risks for the application. This includes:
- Use of SSL/TLS for data transmission. SSL Termination can be set up at the CDN or Load Balancer Tier and helps reduce resource utilization at the app tier.
- KMS storage for sensitive data and secrets like database passwords and vendor credentials.
- Web Application Firewall protection to safeguard against SQL injection and cross scripting attacks.
BoltOps appreciates the opportunity to work with customers and their infrastructure goals. We believe we are in a strong position to provide highly scalable and customizable stack that meets customers needs securely.
We are in a strong position to do this because of how much emphasis we place on the codification of the infrastructure. The infrastructure is changed in a controlled and well-defined manner, which provides a way to quickly audit the system. Additionally, we provide transparency to any component of the environment. It’s about identifying and responding to security threats quickly before they become a problem. We are happy to involve security agents and team members at any level of the process. Customers can also be provided onboarding training. This gives them an overview of the design, network topology, security firewalls, network ACLs, bastion host, and how the change control process works. Making the customer satisfied is of utmost importance to BoltOps.