Systems Security Policy & Information
Cloud security at Staffing Future is the highest priority. As an AWS customer and infrastructure user, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.
An advantage of the AWS cloud is that it allows us to scale and innovate while maintaining a secure environment.
Our AWS infrastructure provides several security capabilities and services to increase privacy and control network access. These include:
- Network firewalls built into Amazon VPC, and web application firewall capabilities in AWS WAF let you create private networks and control access to your instances and applications
- Customer-controlled encryption in transit with TLS across all services
- Connectivity options that enable private, or dedicated, connections from your office or on-premises environment
- Automatic encryption of all traffic on the AWS global and regional networks between AWS secured facilities
Availability is of paramount importance in the cloud. Staffing Future customers benefit from AWS services and technologies built from the ground up to provide resilience in the face of DDoS attacks. A combination of AWS services may be used to implement a defense in depth strategy and thwart DDoS attacks. Services designed with an automatic response to DDoS help minimize time to mitigate and reduce impact.
Our AWS technologies use autoscaling, Amazon CloudFront and Amazon Route 53 to help to mitigate Distributed Denial of Service attacks. to your data at rest in the cloud, providing scalable and efficient encryption features.
Staffing Future utilizes AWS ability to add an additional layer of security to your data at rest in the cloud, providing scalable and efficient encryption features. This includes:
- Data encryption capabilities available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift
- Flexible key management options, including AWS Key Management Service, allowing you to choose whether to have AWS manage the encryption keys or enable you to keep complete control over your keys
- Encrypted message queues for the transmission of sensitive data using server-side encryption (SSE) for Amazon SQS
- Dedicated, hardware-based cryptographic key storage using AWS CloudHSM, allowing you to satisfy compliance requirements
In addition, AWS provides APIs for you to integrate encryption and data protection with any of the services we develop or deploy in an AWS environment.
Inventory & Configuration:
Staffing Future uses a range of tools to allow you to move fast while still ensuring that your cloud resources comply with organizational standards and best practices. This includes:
- A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage
- Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards
- Inventory and configuration management tools, including AWS Config, that identify AWS resources and then track and manage changes to those resources over time
- Template definition and management tools, including AWS CloudFormation to create a standard, preconfigured environments
Monitoring & Logging:
Staffing Future uses advanced AWS tools and features that enable us to see exactly what’s happening in your AWS environment. This includes:
- Deep visibility into API calls through AWS CloudTrail, including who, what, who, and from where calls were made
- Log aggregation options, streamlining investigations and compliance reporting
- Alert notifications through Amazon CloudWatch when specific events occur or thresholds are exceeded
These tools and features give us the visibility we need to spot issues before they impact your business and allow us to improve security posture, and reduce the risk profile, of our environment.
Identity & Access Control:
Staffing Future uses various AWS capabilities to define, enforce, and manage user access policies across AWS services. This includes:
- AWS Identity and Access Management (IAM) lets you define individual user accounts with permissions across AWS resources
- AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
- AWS Directory Service allows you to integrate and federate with corporate directories to reduce administrative overhead and improve end-user experience
AWS provides native identity and access management integration across many of its services plus API integration with any of your own applications or services.
Staffing Future relies on AWS continually testing its infrastructure; the results are summarized in our compliance reports.