Security Policies & Controls
Data Access & Security
PowerBoard has read only access for your cloud account through IAM role it creates during customer on-boarding process. It collects data related to resources, such as billing and usage data that are provisioned along with services that are used in your cloud account. It does not have access to any data that is stored in any storage services on your cloud account. PowerBoard also does not have access to any data stored or operating system in any of the servers in your cloud account.
All the data collected from customer account is stored only in PowerBoard’s production environment. Data is backed up periodically and all backups are stored only on production environment. Production data is never replicated, stored or transferred outside of production environment.
All data is stored in Northern Virginia, USA location. If you want your data to be stored in a different geographical location, please send us an email request and we will store it in your preferred geographical location, within 15 days of your approved request.
Infrastructure for PowerBoard App
There is a total of 3 environments, namely development, staging and production. All the environments are hosted on AWS cloud platform. Policies are in place to segregate and control access to each environment, following the principles of “least privilege” access only.
PowerBoard operations team uses multiple tools and platforms for Distributed Denial of Service (DDoS) protection and 24x7 monitoring of Firewall activity. This includes an Intruder Detection System (IDS) for the production SaaS environment with real time monitoring and alerting on abnormal behavior. Alerts are monitored 24x7 by PowerBoard operations team.
Login Security/Password Policy
When users log into their Powerboard instance using their Username and password, Powerboard requires a minimum password compliance.
- Password minimum length of 10 characters
- Containing uppercase and lowercase characters, at least 1 digit and 1 symbol
- Cannot use any of the last 16 historical passwords
- Passwords expire every 90 days
- Automatic account lock-out will occur after 3 failed login attempts
Passwords are secured using a one-way hash algorithm.
Access Control
All customer data is always secured and protected through automated security controls. Customer data, servers and other services in production environment are accessible only to a handful of Loves Cloud’s employees, who are experienced, authorized and highly qualified to understand sensitivity of customer data and its usage.
All access details to production systems is logged, monitored and audited periodically to ensure continuous compliance of access control policies. Access credentials are rotated on a predefined frequency.
Third Party Access
Customer data in very limited cases is shared only with third-party service providers acting as our agent, such as a user's email address for an email delivery provider and in strict compliance with signed service agreements.
Physical Security
Customer data is never replicated outside of the production environment and is never replicated onto employee workstations. Because of this, Powerboard relies on the cloud infrastructure for physical security compliance. The virtual and physical servers are in AWS. Production critical data is never stored on physical media outside of the cloud provider's production environments.
Encryption In-Transit
Powerboard uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128¬-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web, Powerboard application, and the Powerboard servers. All customer connections are made securely over HTTPS.
Removing Customer Data from PowerBoard
You can remove your data from PowerBoard, either in case of termination of contract or sending a request through email at PowerBoard’s email address. It will take up to 30 days to remove data belonging to a customer, including current data as well as backup of data on production environment.
Maintenance Policies
PowerBoard will notify users for maintenance windows in case of planned maintenance well in advance. These maintenance windows will ensure least impact on users’ productivity. However, in case of an emergency maintenance, due to unforeseen circumstances, PowerBoard team will carry out maintenance while announcing it on email as much in advance as possible. During this time, it is possible that some of the users might experience downtime for PowerBoard app till the time maintenance is carried out and services are restored.
How To Contact Us
If you want to send us a note, please contact us at powerboard@loves.cloud