There are now several Cloud providers available, in addition to Amazon Web Services (AWS). At Pipeliner, we chose to go with AWS over a decade ago and have remained with them ever since. Why have we done so? Continuing in our series on Pipeliner CRM security, here is our path and reasoning.
Original Data Center
Going back a couple of decades, to provide development and hosting to our banking compliance client World Check, we established our own complex data center with 50 or 60 rack-mounted Alpha and, a bit later, IBM servers. We had tremendous failover services, load balancing, and backup systems. There was considerable other hardware required—server cages, routers, bridges, disk drives, and high-speed cabling.
There are extensive resources required to operate such an infrastructure. We needed multiple contracts with hardware and software vendors. We had to have staff to run and care for everything in the site. People need to be available at all times to care for equipment failure or damage, as we couldn’t afford for the system to be down at any time.
Throughout this time, I was always keeping my eye out for services through which we could outsource our data center. Today the whole topic of outsourcing is obvious for everyone, but back then it wasn’t. Additionally, I had an expensive background in running a data center, so had precise requirements.
At the time, there were very few providers of that kind of service. There was IBM, to whom we were already connected. There was Microsoft and, representing one of the large European data centers, I flew to their Dublin site and toured their enormous data center. They actually used the cold ocean winds to cool their servers! It was quite impressive.
But Microsoft was a closed system, and I have recounted numerous times throughout my books and articles how, at the time, I was a very vocal advocate of open source. I contracted with the Austrian government to explore open source’s possibilities. I ended up in a public argument with Microsoft at a press conference on the subject, as they insisted that open source would never come to pass. Fast forward some years, and in 2018 they purchased the world’s largest open-source repository GitHub for $7.5 billion. Microsoft totally reversed its stance, and my prediction came 100 percent true.
Partnering with AWS
We jumped on AWS right from the beginning, now 12 or 13 years ago. Many didn’t know it at the time, but alongside Amazon, Jeff Bezos was also building Amazon Web Services, focused on supporting companies in utilizing the Cloud for easily building an infrastructure.
Today, we have our production infrastructure running in 4 AWS regions: Toronto, Sydney, Northern Virginia and Frankfurt. We have a staging environment in Dublin, at which we can stage our application and thoroughly test it.
Going with AWS made for a considerable reduction in our efforts and costs. We didn’t have to outlay money for hardware, negotiate with vendors, or hire staff to run the data center. I would say outsourcing has reduced our expenditures by 70 to 80 percent compared to doing it ourselves.
Another reason we chose AWS was that they already had robust security protocols and systems in place.
Data Retention and Backup AWS provide perimeters for us to follow regarding data retention and backup. In our case, we retain customer data for a maximum of 35 days. The entire database can be recovered at any time during this retention time.
If a customer requests that their data be totally removed from our system, the live database can be removed within a day of the request. Backup data would become available following the expiration of the 35-day retention period. Alternatively, a customer can choose to have backup data eliminated along simultaneously with the live database.
For a complete explanation of AWS data retention and backups, click here.
Data Segregation Between Clients AWS has a protocol whereby customer data is highly secure and separated, following the ISO 27001 security standard.
AWS allows the creation of a primary database instance, and then synchronously replicates it to different Availability Zones. This allows us as a CRM to have multiple data centers around the world—something not all CRM vendors offer. This means that data available to one region is not available in others. For example, European GDPR regulations stipulate that European data should not be available in North America.
Each customer space within our CRM application represents a separate database, along with a mirror of that database. If required, we can provide an additional layer of isolation. In that case, customer data would reside on a separate database server, associated with the CRM infrastructure.
Firewalls Our high-level firewall security is conducted with load-balancing WAF (Web Application Firewall), IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) technology.
If one of our customers has special firewall requirements, we can accommodate them in a separate dedicated environment.
Key and Secret Key Management For the management of private and secret keys, we utilize the AWS parameter store and encrypted Ansible Vault with audit/change log.
AWS Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. Within the Parameter Store can be stored data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes.
Ansible Vault utilizes encryption for the protection of sensitive content such as passwords and keys.
In our continuing series, I will further explain our security processes and how they provide the utmost protection of your CRM data.