Enterprise Security Checklist
Everything you need to know about enterprise security provided by Artwork Flow. Your data safety and security is our primary responsibility.
Artwork Database secures your data by encrypting data-in-transit with Transport Layer Security. Encryption (SSL/TLS) is enforced by default.
The database uses the FIPS 140-2 validated cryptographic module for storage encryption of data at rest. Data, including backups, are encrypted on disk, with the exception of temporary files created while running queries. The service uses the AES 256-bit cipher included in Azure storage encryption, and the keys are system-managed. Storage encryption is always on and can't be disabled.
Backup and Restoration
The system takes backups every day. Backups are retained for 35 days.
Every action taken in Artwork Flow Infrastructure is recorded and stored in the form of logs. These logs record the IP address, who made the request, when it was made, and other details.
File storage security
Access and Security
- All the artwork files are stored in a secure S3 bucket on Amazon Web Services (AWS).
- All S3 objects are private by default. In the case of Artwork Flow, these objects can be accessed only by the Artwork Flow application layer.
- Artwork Flow uses the pre-signed URL method, which gives you access to the artwork file identified in the URL, provided that the creator of the pre-signed URL has permission to access that file. Only the application layer of Artwork Flow has the authority to generate these pre-signed URLs.
- Artwork Flow uses its own credentials to generate pre-signed URLs, and these are time-bound, expiring in 30 minutes.
- All Artwork Flow files are encrypted using CMK, which ensures that only authorized users are able to access the files. This is how we manage the segregation of data by entity at the application layer.
Monitoring and Logging of Storage Files
- Server access logs provide detailed records about requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits.
- All network calls are secured over HTTPS.
- A secured token is used on every API call; this is currently done using JWT.