This is a question we receive often. Security is part of the DNA of The Garland Group, so it is of our utmost concern. And, as a Security Consultant I can assure you that the answer to the question is very near and dear to my heart. So what is the answer? In a word…Yes.
RiskKey resides on Amazon’s AWS platform and is managed through EngineYard. Amazon AWS recently completed a SAS70 Type II review. The scope included a review of AWS’ operational performance and information security controls. While Amazon cannot release this information publicly (for obvious reasons), the independent audit firm did give the controls a favorable opinion. EC2 is the specific offering used by Amazon’s AWS offerings, which further protects your data by ensuring that network traffic within the EC2 cloud cannot be intercepted or spoofed.
EngineYard performs regular monitoring of the stack on which RiskKey runs, and backups all data routinely. Additionally, RiskKey is developed using Ruby on Rails which inherently provides protection against threats such as cross-site scripting. Development of RiskKey is tightly controlled using a combination of Agile Development/SDLC change management. Encryption is employed at multiple levels to ensure that data is protected during transmission while also ensuring that account information and uploaded files remain secured during storage.
Lastly, RiskKey has been (and will be) regularly tested using a combination of penetration tests, vulnerability scans, and web application assessments.
We know security is your concern. I assure you that it is also our’s.
For more information, please visit Amazon AWS or EngineYard
.
Now with all that security talk out of the way, click here for a free trial!