Data Security FAQ
Written by Zoe
Updated over a week ago

How is user data secured?

Programa has multiple security controls to prevent unauthorised access to user data, including "network isolation", "application-layer threat prevention", and "security group access control". Using these controls together provides redundancy in case a single security control fails. Essentially, these controls ensure that only legitimate traffic is allowed into the database and all other traffic is blocked, which helps reduce attack vectors.

How do you detect unauthorised access?

We continuously monitor all activities to detect unauthorised access. We use a service called Amazon GuardDuty that provides threat intelligence in the cloud. It uses machine learning and external threat intelligence sources to trigger alerts when any security anomalies are detected. In combination with this, all AWS activity is recorded in a full audit trail that can be used to determine who, what and when. This information can be used to assess a security incident. Should a data breach be detected, we have a checklist for providing a notification to affected users, which includes a description of the breach, date and time, what caused it, and the type of information involved.

How do you trace what happened after an incident happens?

In addition to using AWS CloudTrail, which provides a full audit trail for who accessed AWS resources, logs are recorded by the Programa application and other services that run on our infrastructure. These logs are aggregated and can be queried to find out where the attacker came from and what actions they took.

Does Programa depend on any cloud providers?

Yes, Programa is deployed on Amazon Web Services (AWS).

What is the uptime for Programa?

Programa does not currently have a stated uptime. However, Programa runs on AWS cloud infrastructure and we utilise AWS solution architects for technical reviews and operational excellence. Our infrastructure is fully serverless which provides automatic scaling and built-in high availability. These technologies also eliminate infrastructure management tasks like capacity provisioning and patching.

Data Residency – Where is user/product data located?

All user and product data resides in Sydney, Australia.

Data retention – excluding data needed to maintain compliance, what is your standard data retention period for personal information / content / product content?

Programa retains every daily backup for 7 days. When a user asks to close their Programa account all personal information and content generated by the user is permanently deleted.

Encryption – Is data encrypted? Are backups encrypted?

All data is encrypted in transit between the user's web browser and the Programa servers.

All user data in the Programa database is encrypted at rest using the industry standard AES-256 encryption algorithm. As a result, should anyone steal the database, its contents are useless without access to the (AWS managed) encryption key.

All user media content is encrypted at rest using AES-256.
