This article outlines the data and security policies in place for Partful customers and employees.
Contents
- Introduction
- Security Responsibility
- Data
3D Data Storage
Database
On-Boarding of Data
Data Segregation
Encryption
Data Transmission - Security
Security Compliance
Platform Scanning
Authentication, User Management and Access
Tenant Access
Cloud Back End Access
Password policy
Users on Partful System - Tennant Access
- Cloud Back End Access
- Password Policy
- Logging and Alerting
- Conclusion
1. Introduction
Customer trust is our top priority and we know that customers care deeply about privacy and data security. This is why we have used AWS to provide data protection services including encryption, key management and threat detection that continuously monitors and protects your accounts and workloads.
We offer customers strong encryption for your content in transit and at rest, whether that be cloud-based storage or on a user device. Access to data in the cloud is fully audited, requires multi factor authentication and is strictly segregated.
We have also developed a unique file format that allows us to add another layer of security to processed and optimised 3D assets used in the client app. Using a custom file format means we can also keep the files small enough to download and load while on the go. We are constantly surveying the technological landscape for possible attack vectors and ways that we can further strengthen our security.
The Partful architecture consists of a web front end using a 3D stack, and a back end based on scalable serverless technology, which uses Amazon AWS as our standard platform. Partful's AWS infrastructure is continually assessed against the CIS AWS Foundations Benchmark to ensure compliance with security best-practice.
This document aims to provide further details of Partful's security. This is around the key areas: Data, Security, plus Logging and Alerting.
2. Security Responsibility
The Cloud provider is responsible for protecting the infrastructure that runs all of the services offered in the Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run cloud services.
Partful is responsible for the services that run on this cloud provider.
3. Data
One of the benefits of storing data in the cloud is the enterprise level of security protection and encryption is provided as standard. With the cloud, encryption and security protocols are built into the infrastructure default and this gets updated daily by the AWS business to ensure it has the latest encryption and security measures in place.
3D Data Storage
Partful data is held encrypted in our cloud-based platform and stored using a version-managed repository, which is fully encrypted and secured. Data is converted to Partful’s proprietary format for the purposes of security in the client. Storing the data in a version-managed secure repository allows us to never lose any changes to the data, and technically have the ability to revert data back. Data is encrypted and fully monitored by default using a custom key. Only the Partful technical team can access this data for the purpose of platform operation. When data is uploaded to our storage areas it is encrypted in transit using HTTPS.
Database
Our platform uses a database to store the information related to your 3D representations of your products. All the data is fully encrypted and backed up. Access to the data is fully logged and only the Partful technical team have access to the data for the purpose of ensuring your system is operating correctly.
On-Boarding of Data
Once data is received from the client, this CAD data is then segregated by-customer within our cloud platform. This storage is not accessible to anyone other than our web client and our technical team. It is fully encrypted.
The CAD data is ingested through our content toolchain, which produces a proprietary data format, which is a Partful file format for serving to the web client front end. The reason we have a proprietary file format is the model data is fully encrypted on the client.
Data Segregation
Data is segregated per customer, which means customer 3D data is held in separate data repositories. This segregation ensures that only the customers and allocated people from Partful have access to the actual 3D data.
Encryption
Client model data is loaded locally on the web client, this data is held in the client encrypted, which means unauthorised access to data is prevented.
Data Transmission
Data is moved from server to client using a RESTful API using Transport Layer Security (TLS) encryption using state-of-the-art encryption to keep your data secure.
This very same technology is used for Partful’s external API, which our team will help you integrate. The Partful technical team can provide further details of this.
4. Security
Security Compliance
Partful follows standard security practices which include daily scanning of the platform to ensure these standards are met and there are no security breaches. Our platform follows CIS security standards:
https://www.cisecurity.org/benchmark/amazon_web_services
Multi-Factor Authentication (MFA) is mandatory for all logins to Partful’s Cloud infrastructure.
Platform Scanning
The platform scanning for vulnerabilities occurs on a daily basis and is reported to the CTO. These are addressed as a top priority.
Authentication, User Management and Access
The following areas that allow access to the Partful platform:
- Clients access data through our Tenant portal
- Access to the cloud back end, which is only accessible by the Partful developer team
5. Tenant Access
This area provides access to your platform exclusively. It is where the allocated administrators can organise the user access to the Partful system. All users will sign in using the main login page, there is no other way to access the platform.
The technology behind the front-end sign is AWS Cognito. These users are managed in our AWS cloud platform in the background. This ensures industry-leading security for user management.
6. Cloud Back End Access
The application is powered by a cloud back end, this is only accessible by the Partful technical team, and the client web front end, via a RESTful API. To log into our cloud back end you have to be part of the Partful team, only the technology team and Partful senior management have access to the cloud back end. IAM Policies implement a Principle of Least Privilege for users and services.
7. Password Policy
Each user has a password set up with a strict policy for the number of characters, and type of characters and it expires every 90 days. Users are allowed to change their password, and the last 24 passwords are remembered and reuse is not allowed.
Users on Partful System
There are three kinds of user roles that can be allocated to the Partful platform:
- Partful
- Administrator
- Viewer
The Partful role is restricted to the Partful team only. The Administrator role is performing admin functions on the customer-specific tenant. The Viewer role can interact with the platform in the normal way, to view/edit parts, and use the work instructions.
8. Logging and Alerting
Partful has strict policies in place to ensure our platform provides comprehensive audit logs for all API activity and the activity of the logged-in users on the back end of the platform. This ensures that we protect fully against intruders or attacks on our platform.
9. Conclusion
Partful always looks to make constant improvements to the security of our platform and works with our customers to ensure we go above and beyond for their security.
Any questions about security please feel free to contact Partful’s support team at support@partful.io