Like with any cloud based system the DBAs have access to the database. In our case this is true as well. Only our DBAs have access to the database for obvious reasons, no one else. Access to database does not necessarily mean access to data as some sensitive fields like passwords are stored encrypted. Data guarding for isolation of data within the database in ensured by Amazon's RDS service which we are using as our database management service. We employ not only authentication mechanisms but also authorization so access to data for a customer in MOHID is restricted to users and roles created by the customer through their MOHID system. Data integrity and isolation are ensured through our backend services and through role based authorization on the front end.
- Who can see or have access to my information? How do you isolate and safeguard one clients data from other clients?
MOHID is hosted with Amazon AWS. The AWS cloud is one of the most reliable, secure and highly available cloud infrastructures in the industry today. AWS provides a set of disaster recovery services by virtue of its multiple data centers located throughout various geographical regions. For more information please click here http://aws.amazon.com/disaster-recovery/. The MOHID web application and databases are running on geo-redundant infrastructure - EC2, RDS, Elastic Load Balancers, DNS, etc. across 2 Availability Zones: US West-Oregon (Primary), US East-N.Virgina (Backup) which means even in the case of a regional catastrophe, God forbid, the MOHID service and data will be intact, up and running through the other Availability Zone inshaAllah.
- What are your disaster recovery processes?
The Amazon RDS service which MOHID utilizes as a database management service replicates the MOHID databases for data integrity. Alarms are configured to indicate any discrepancies detected. RDS maintains several snapshots of the databases throughout a day on various servers and provides DBAs the ability to restore from any one of these. There may be a loss of data in such cases depending on transactions that may have occurred since the last snapshot being restored
- What happens in the event of data corruption?
The Amazon RDS service which MOHID utilizes as a database management service provides automated backups that are stored securely across different data centers. For more information please click here http://aws.amazon.com/rds/
- What are your methods for backing up our data?
The Amazon RDS service which MOHID utilizes as a database management service provides automated backups that are stored securely across different data centers. Currently our full database backups occur every 24hours. The backups are stored in the data centers corresponding to the 2 geo-redundant Availability Zones or Regions that MOHID utilizes: US West-Oregon (Primary), US East-N.Virgina (Backup). No data (backups included) is stored in any location outside the US. Our DBA's will have access to the backups.
- How often are backups made? How many copies of my data are stored, and where are they stored in US or Other Location? and who will have access to the backups?
All account activity related to user including access, transactional updates, profile changes, etc. and/or automated operations such as online transactions, automated receipts, etc. are logged and generate an audit trail. System events are logged internally as well as externally by Amazon services.
- How is activity in my account monitored and documented? What auditing capabilities are provided: Admin/MGMT, Billing, System Information?
We are proud to say that, Alhamdolillah, MOHID is hosted on the most reliable infrastructure available in the industry today - Amazon AWS. The network design is done in a way to optimize security by utilizing 2 firewalls to isolate access to the MOHID databases from public networks, provide fault tolerance, load balancing across multiple servers and auto scaling using Amazon's Auto-Scale (http://aws.amazon.com/autoscaling/) capabilities to dynamically spawn off additional instances based on high load in addition to being geo-redundant across 2 Availability Zones or Regions - US West-Oregon (Primary), US East-N.Virgina (Backup). See the attached infrastructure details at the bottom
- How reliable is your network infrastructure?
All payment transactions through MOHID are secured by 256bit SSL encryption between the clients (browser, kiosk, mobile app) and the MOHID server. The APIs used by MOHID to interface with payment processors like Forte and Paypal utilize HTTPS as transport and hence 128-256bit SSL encryption. No credit card information (number, expiration, CVV) is stored in MOHID even though the Amazon AWS data store (Elastic Block Store) and other services are PCI compliant http://aws.amazon.com/compliance/pci-dss-level-1-faqs/
- Any payment transactions thru Mohid are they secure and PCI compliant? do you store any financial information in your system?
Click here to see the MOHID deployment infrastructure architecture.