Vosaic Security
Paul Oliver
October 12, 2016
We take security seriously at Vosaic. As we are constantly developing our video analysis tool, Vosaic, we also continuously evaluate and improve its security. To keep your data safe, we’ve implemented several strategies.
Strategy 1: Store Only What We Need
What does this mean?
The less we store about you, the less risk you have. We only ask for and record data that we need. In the unlikely event your data is stolen, we won’t have much to offer the bad guys.
We store only the essential information and protect all information we do store.
We don’t store more than we need to make Vosaic work for you. The less information we store, the safer your data will be. You can continue giving and receiving great video feedback in peace!
We don’t store your password in plaintext or encrypted form, instead we store a hashed and salted password that is impossible to reverse engineer.
We do not store your credit card information. We use a PCI-Compliant Level 1 (the most stringent level possible) third-party credit card tokenization vault to process recurring billing. Your sensitive payment information will be protected to the highest level.
Strategy 2: Encryption
What does this mean?
Encryption refers to scrambling the data so it looks like jibberish to everyone else.
All of your data, including video, markups, annotations, and analytics are protected through encryption.
We require all traffic to go through TLS (also called SSL). This uses the recommended 128 bit, SHA256 security. All traffic between Vosaic and the client must be encrypted; we will not send data over unencrypted HTTP (port 80).
All administrative tasks and traffic to our servers are handled through encrypted protocols.
Strategy 3: World-Class Physical Security
What does this mean?
What good is hiding your data if you leave the front door open? Physical Security requires guards, scanners, locks, cameras and other safeguards to keep the bad guys from walking up to our computers and taking information from them.
All data is securely stored and access to your data is restricted.
We use Amazon Web Services (AWS) to host our web application and all data. Amazon has comprehensive physical security. Full details: https://d0.awsstatic.com/white...
Developers can only access Vosaic resources from approved IP addresses. Only authorized Vosaic employees will have access to your data.
All sensitive information is protected using Multi-Factor Authentication (MFA). This includes, but is not limited to, servers, databases, and source code.
Our API is only accessible to Vosaic-approved clients. We can revoke access at any time.
Strategy 4: Sensible Limits
What does this mean?
We take precautions to limit what our systems can do, in the unlikely event they are taken over by someone with bad intentions.
Your data is connected to a unique ID and only retrievable through your login and the permissions tied to it.
All Vosaic servers are isolated in their own Virtual Private Cloud (VPC). We place our servers in different subnets based on their role to limit the access that an attacker could have in the unlikely event that a machine is compromised.
Users are only able to upload videos into their own private upload bucket.
Each call to our servers is checked to ensure that you are in the right organization and that you have the proper security permissions to perform an action.
The data is tied to an impossible-to-guess organization ID using a Globally Unique Identifier (GUID).
Strategy 5: Continuous Improvement
What does this mean?
The bad guys don’t rest. We are never done making our systems secure.
We practice the above measures and continue to assess new ways to enhance security.
We regularly perform code and security reviews.
Our servers are regularly patched and upgraded.
We stay current with security trends and measures to protect data.
