ProNavigator’s engineering teams are dedicated to delivering robust, performant solutions that are secure by design.
To achieve this, we adhere to the following principles when designing and building our products:
ProNavigator supports federated identity management for access to our application. The user needs to request each authenticated session only once, which reduces the number of locations where credentials are stored and the number of transactions containing such information across the internet.
Every user session and activity is securely logged for security forensic analysis and management.
Every single bit of data that is stored on ProNavigator’s servers is encrypted with AES-256 at minimum, and we continuously update all of our services to be in compliance with the latest encryption standards in computer networking. We take extra precautions and ensure that only the employees who need access have access to data at rest, and additional training is conducted to adhere to those applicable. ProNavigator’s security team actively reviews computer logs to ensure that sensitive information is never logged. ProNavigator also takes further precautions by encrypting logs from all of our resources.
Internal and external data in transit across ProNavigator’s services is completely encrypted with TLS 1.2 or better, and we continuously update our computer network with the latest encryption standards to remain compliant and secure.
Commercial-grade penetration testing is conducted regularly on our services by trusted third-party vendors. Penetration testing is an ethically simulated cyber attack against ProNavigator’s cloud services to check for possible vulnerabilities. To reduce our susceptibility to attacks, ProNavigator minimizes the number of public-facing endpoints (APIs, servers) and keeps the internal microservices behind a virtual private cloud.
ProNavigator stores thousands of documents and user accounts which contain PII data. Customer Documents are assumed to contain PII and IP data and are therefore stored outside regular storage, in segregated storage by client. User accounts are stored in a secure authenticated database, and are only accessible by authorized users. All PII is encrypted at rest and in transit, and deleted within 90 days of service termination.
ProNavigator ensures the data privacy of all account credentials by eliminating plain-text storage of passwords and instead employing best practices for salting and hashing passwords before storing them on our servers. ProNavigator owns the user authentication and can fully ensure that sensitive information never leaves the virtual private cloud or is passed to third-party vendors.
In addition to regular third-party penetration testing, we also have continuous security assessments done by our security personnel. We maintain detailed risk assessment and mitigation policies that are regularly reviewed and updated.
ProNavigator regularly backs up data to AWS snapshots. All backups are encrypted in transit and at rest. Employees must obtain security clearance to access data, and only for the limited time that they need it. Our data backups, securely encrypted and kept behind a virtual private cloud, are used solely for disaster recovery and not for any other purpose.
Core production services are deployed in high availability configurations within Amazon Web Services. Depending on the owner of the data, we select the zones that we are permitted to use. These zones are used to avoid massive outage scenarios and are located in geographically different areas, interconnected but highly redundant. To further assist this, ProNavigator uses a serverless architecture, breaking down cloud resources into small computing units that can be scaled accordingly, with redundancy and failover. These components are carefully designed so that in the event of an outage, it would be possible to fail over to a second region.
If you would like to learn more about our security, reach out to our team at security@pronavigator.com.