- Secured using cloud-based security groups and by deploying resources in Private subnet which is not accessible over internet.
- Application servers are accessible only if the user has secret key. The database can be accessible only via application server and designated system at our undisclosed location.
- No access to any server is possible via internet. The application server is behind an application load balancer which prevents exposing the application server to the internet.
- Automatic redirection of http request to https. The disks on production application server which will hold app data is encrypted. Production database storage is encrypted.
- The application front end is accessible via a secured URL (https), backend is accessible only from our secure offices in our undisclosed location through selected machines via redundant VPN between AWS and Clover
- Role based & dual factor authentication access methods are enforced by the system
- A strong web application firewall is configured to secure the platform further