Security at Neuralys

Protecting your data is our highest priority

Overview

As users of our own product, we understand how important the security and privacy of your data are. We are committed to providing our customers with a highly secure and reliable environment for our cloud-based application. We have therefore developed a security model that covers all aspects of cloud-based Neuralys systems.

We employ a full suite of secure software development activities and controls. This starts with the design of our applications in a three-tiered Model View Controller architecture. We carefully segment each of these technology layers via network and access controls. Within the code itself, our development teams leverage as many of the security functions made available by the framework as possible. All of our developers utilize the OWASP secure coding guide, cheat sheets and relevant technology-specific guidelines. Our code is tested via static analysis and black box scanning prior to being deployed to our production environment. In addition to our secure development activities, Neuralys deploys a number of controls to protect the confidentiality and integrity of our customers and their data. Some of these controls include but are not limited to:

  • Data at rest encrypted using AES 256
  • User passwords stored as one-way salted hashes
  • Centralized logging & alerting
  • All network traffic encrypted via SSL and SSH
  • All application traffic over SSL/TLS
  • Three-tiered architecture, compartmentalized & firewalled

    Protecting Customer Data

    Our systems are hosted on Amazon AWS infrastructure, located in Northern Virginia. Amazon have devoted an entire portion of their site to explaining their security measures, which you can find here: https://aws.amazon.com/compliance and here: https://aws.amazon.com/security

    No one other than our developers can access the data of clients and this is only done if it is necessary to solve customer-related issues; for example, to restore or recover accidentally deleted data.

    Authorizing Access

    Customer data is stored only in the production environment. Developers only have approval to access user data in order to solve customers' requests, issues or bugs. All logs of SSH connections to our production environment are saved and archived. Attachments in your account are encrypted and delivered on a per-user, access-controlled basis. We know the data you share in Neuralys is private and confidential. We have strict controls over our employees' access to internal data and we are committed to ensuring that your data is never seen by anyone who should not see it.

    With that said, the operation of Neuralys wouldn't be possible without a few members having access to our databases in order to optimize performance and storage. This team is prohibited from using these permissions to view customer data without explicit, written permission from the user.

    Secure Software Design

    Any new feature or code that will be implemented into our system starts with an in-depth analysis of security and privacy risks. All code is saved into a git version control repository and evaluated in a test environment before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality.

    Physical Security Protocols

    Security controls at Amazon data centers are based on standard technologies and follow the industry’s best security practices. The physical security controls are constructed in such a way as to eliminate the effect of single points of failure and retain the resilience of the computing center.

    Environmental Controls

    A variety of environmental controls are implemented at Amazon's data center facilities.
  • Servers are locked inside the infrastructure in a designated area.
  • The server area is cooled by a separate air conditioning system, which keeps the climate at the desired temperature to prevent service outage.
  • The facilities are protected by a fire suppression system, which protects the computing equipment and has built-in fire, water, and smoke detectors.
  • The facilities have on-site generators, which serve as an alternative power source.
  • There is 24-hour video surveillance of all entrances and exits, lobbies, and ancillary rooms. The videos are recorded and monitored, and retained for later use.

    Network Security

    Firewalls: Applications in the hosting and cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.

    DDoS mitigation and WAF: All application access, including direct application access and API access, is protected by a dedicated DDoS mitigation service, and an advanced WAF scans all traffic going in and out of the private application network, allowing Neuralys to ensure high availability at all times, as well as prevent attacks and malicious activities.

    Encryption

    All transmissions to and from Neuralys, including sign-on, are encrypted at 256-bit and sent through TLS 1.2, adhering to the FIPS 140-2 certification standard. Our SSL implementation passes Qualys SSL Labs with very high grades. We monitor the changing cryptographic landscape and upgrade the cipher suite choices as the landscape changes, while also balancing the need for compatibility with older clients.

    External Security Audits and Penetration Tests

    We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of the Neuralys Platform. We monitor our product for security vulnerabilities automatically as the product grows.

    System Monitoring, Logging and Alerting

    Neuralys monitors servers to retain and analyze a comprehensive view of the security state of its production infrastructure. Neuralys collects and stores production server logs for analysis. Logs are stored and indexed in a separate network.

    Backup

    All of the data is backed up hourly to multiple disks. Backups are encrypted and distributed to various locations. Backups are saved for a period of 60 days.