How secure is the SimpleRisk Hosted Small Enterprise platform?

We build in the Amazon cloud because Amazon has outstanding physical security practices, ensuring that your data is protected by industry-leading measures. Each customer has the SimpleRisk application and database provisioned inside of a dedicated Docker container, which provides an isolated environment for your application and its data. This isolation not only enhances security but also ensures that resources are optimized specifically for your needs.

To maintain a high level of security, command line access to the container is restricted to only the Docker host system. This means that only authorized personnel can interact directly with the container's command line interface. Additionally, SSH access to the Docker host system is tightly controlled; it is only allowed from a single bastion host, which acts as a secure gateway. Access to this bastion host is further protected by requiring the proper key and password, adding an extra layer of authentication.

From the Internet, only the web server tier is accessible via port 443 for secure HTTPS traffic (and port 80 for HTTP redirects). This configuration minimizes exposure to potential threats from external sources. We also use a wildcard SSL certificate, which simplifies the management of secure connections across multiple subdomains, and we employ an "A-rated" SSL configuration as assessed by SSL Labs, ensuring that your data is encrypted and transmitted securely.

The web server tier functions as a sophisticated HTTP proxy server. It is specifically configured to intelligently redirect requests to the appropriate Docker container based on the hostname. This architecture not only streamlines the handling of incoming requests but also enhances the overall performance and responsiveness of the SimpleRisk application, ensuring that you have a seamless user experience while maintaining robust security practices.