The Secure Design Principles That Guide Signiant
Secure Design Principles and Service Operations
Signiant recognizes how critical our products and services are to our customers, an awareness that is reflected in an organization-wide commitment to information security and resilience. The highly secure architecture of all of our products is the result of consistent application of secure design principles, which are also reflected in operational policy and procedures.
Key secure design principles include:
Well Defined Trust Model
A well-defined trust model states explicitly which trust assumptions the system makes. No interaction is possible without some basis of trust, so it should be well understood where trust assumptions are made and how they connect to one another.
The Open Design principle is a related concept: the integrity of the system must not depend on the secrecy of its design or implementation. The implementation itself should be open to verification, while the basis of trust (for example, keys or credentials) should always be external to it.
Least Privilege
Every task in the system should be performed with the least privilege possible, in both the scope of resources it can access and the duration for which that access is held. A corollary of least privilege is that the mechanisms used to control access to resources (credentials, sessions, tokens) should never be shared between tasks.
Secure by Default
A system is secure by default when the default settings put the system in a secure state. The psychological acceptability design principle is related and states that designers should attempt to make allowed access to resources as easy with security mechanisms in place as without.
This principle ensures that security features aren’t circumvented for the sake of convenience and recognizes that usability and human factors are key components of secure design.
Defense in Depth
A defense in depth design strategy involves layering security controls for the system such that multiple security compromises are required to gain access to critical resources.
Fail-safe design is a related principle and stipulates that when components of the system fail, the system should remain in a secure state.
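The following is an added example, not Signiant's code, showing how the principles above (least privilege in scope and duration, no shared access mechanism, secure by default, defense in depth and fail-safe behaviour) look when written down as an authorization gate. All names, the maintenance network range and the per-task token format are illustrative assumptions.

```python
# Added example (not Signiant's code): a small authorization gate that puts
# the secure design principles above into code. All names are illustrative.
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional


@dataclass(frozen=True)
class Grant:
    """A least-privilege grant: one principal, one resource, an explicit
    action set, and a hard expiry, so scope *and* duration are bounded."""
    principal: str
    resource: str
    actions: FrozenSet[str]
    expires_at: float  # epoch seconds


class AccessGate:
    def __init__(self, layers: Iterable[Callable[[dict], bool]] = (),
                 clock: Callable[[], float] = time.time, max_ttl: float = 900.0):
        # Defense in depth: every layer is an independent check that must pass.
        self._layers: List[Callable[[dict], bool]] = list(layers)
        self._clock = clock
        self._max_ttl = max_ttl
        # Secure by default: an empty grant table means nothing is allowed.
        self._grants: Dict[str, Grant] = {}
        self._next = 0

    def issue(self, principal: str, resource: str, actions: Iterable[str], ttl: float) -> str:
        """Issue a per-task token. Tokens are never shared between tasks, and
        the TTL is capped so a grant cannot outlive the task by much."""
        if not 0 < ttl <= self._max_ttl:
            raise ValueError(f"ttl must be in (0, {self._max_ttl}]")
        self._next += 1
        token = f"task-{self._next}"  # illustrative opaque handle; use a CSPRNG in practice
        self._grants[token] = Grant(principal, resource, frozenset(actions), self._clock() + ttl)
        return token

    def revoke(self, token: str) -> None:
        self._grants.pop(token, None)

    def is_allowed(self, token: str, resource: str, action: str, ctx: Optional[dict] = None) -> bool:
        """Return True only if every layer agrees. Any failure, including an
        unexpected exception inside a layer, denies (fail-safe)."""
        try:
            grant = self._grants.get(token)
            if grant is None:
                return False
            if self._clock() >= grant.expires_at:
                self._grants.pop(token, None)  # expired: drop it rather than keep it around
                return False
            if grant.resource != resource or action not in grant.actions:
                return False
            return all(layer(ctx or {}) for layer in self._layers)
        except Exception:
            return False


# Example layer: a maintenance-network allowlist. The range is a constructed
# private network standing in for real addresses.
MAINT_NET = ip_network("10.0.0.0/24")


def source_in_maintenance_net(ctx: dict) -> bool:
    # A KeyError or ValueError here (missing or malformed address) is caught
    # by is_allowed and turned into a denial.
    return ip_address(ctx["src"]) in MAINT_NET


class FakeClock:
    """Controllable clock so expiry can be exercised deterministically."""
    def __init__(self, now: float):
        self.now = now

    def __call__(self) -> float:
        return self.now

    def advance(self, secs: float) -> None:
        self.now += secs


def demo() -> dict:
    """Exercise the gate and return each decision by name."""
    clock = FakeClock(1_000.0)
    gate = AccessGate(layers=[source_in_maintenance_net], clock=clock)
    tok = gate.issue("svc-transfer", "jobs/42", {"read"}, ttl=60)
    inside, outside = {"src": "10.0.0.5"}, {"src": "192.0.2.9"}
    results = {
        "in_scope": gate.is_allowed(tok, "jobs/42", "read", inside),
        "wrong_action": gate.is_allowed(tok, "jobs/42", "write", inside),
        "wrong_resource": gate.is_allowed(tok, "jobs/43", "read", inside),
        "unknown_token": gate.is_allowed("task-999", "jobs/42", "read", inside),
        "outside_network": gate.is_allowed(tok, "jobs/42", "read", outside),
        "malformed_ctx": gate.is_allowed(tok, "jobs/42", "read", {}),
    }
    clock.advance(61)
    results["after_expiry"] = gate.is_allowed(tok, "jobs/42", "read", inside)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'allow' if decision else 'deny'}")
```

Only the fully in-scope request from inside the maintenance network is allowed; every other path, including a context that makes a layer raise, ends in a denial rather than an error that a caller could misread as success.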
Service Operations
Operational policies and procedures are key to the security of any SaaS offering. Signiant operational policies and procedures are established in accordance with industry standards for service organization controls. Connectivity between the production service environment and Signiant business operations is restricted in accordance with the least privilege and defense in depth principles.
Fully independent production and development Flight environments are also maintained. This section of the paper highlights some of the operational controls in place for production elements of the cloud environment.
All Signiant services and infrastructure are hosted by Amazon Web Services (AWS). AWS enforces strict physical access policies backed by physical access control mechanisms.
Environmental controls such as uninterruptible power and non-destructive fire suppression are integrated elements of all data centers. Signiant uses multiple geographically distributed data centers as part of a comprehensive disaster recovery strategy.
Access to production infrastructure is managed on a least-privilege basis and is limited to the Signiant operations team. Background checks are performed and security training is provided to ensure that the background and skills of the operations staff are consistent with the security objectives. Sensitive product service data stored in service databases never leaves the production system, and access to it is controlled according to least privilege principles.
Firewall rules are maintained so that production systems can only be accessed for maintenance from defined Signiant locations using secured access mechanisms. Systems are maintained in a hardened state, with defined baselines for all host and network equipment.
All changes to systems are tracked and managed according to well-established change management policies and procedures. The patch level of third-party software on systems is regularly updated to remediate known vulnerabilities.
Breach Detection and Response
Signiant utilizes network intrusion detection and host integrity management tools to continuously monitor the state of the system. Availability of the system is also continuously monitored using external monitoring tools. System logs are aggregated and archived centrally, facilitating both continuous analysis for suspicious access patterns and future forensic analysis. Regular external vulnerability scanning is also performed.
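As an added example, not Signiant's tooling, the following sketches the kind of "continuous analysis for suspicious access patterns" the paragraph above describes: a sliding-window check over centrally aggregated authentication logs that flags a burst of failures from one source and a login that succeeds from a source while it is bursting. The sshd-style log lines, hostnames and addresses are constructed for the example, and the line format is an assumption.

```python
# Added example (not Signiant's tooling): sliding-window detection of
# suspicious access patterns over aggregated auth logs. Log lines, hosts and
# addresses below are constructed; the sshd-style format is assumed.
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Deque, Dict, Iterable, Iterator, List, Tuple

# Constructed sample: a password-guessing burst from 203.0.113.7 that ends in an
# accepted login, plus two isolated failures from 198.51.100.20 far apart in time.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host1 sshd[201]: Failed password for ops from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03Z host1 sshd[201]: Failed password for ops from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:05Z host1 sshd[201]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:06Z host1 sshd[201]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:08Z host1 sshd[201]: Accepted publickey for ops from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:09Z host2 sshd[310]: Failed password for ops from 198.51.100.20 port 40000 ssh2
2024-05-01T10:20:00Z host2 sshd[310]: Failed password for ops from 198.51.100.20 port 40001 ssh2
2024-05-01T10:30:00Z host2 sshd[310]: Accepted publickey for ops from 10.0.0.5 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

Event = Tuple[datetime, str, str, str, bool]  # (timestamp, host, src, user, success)


def parse(lines: Iterable[str]) -> Iterator[Event]:
    """Parse auth lines; unknown formats are skipped rather than crashing the analyser."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m["host"], m["src"], m["user"], m["outcome"].startswith("Accepted")


def detect(lines: Iterable[str], window_s: int = 60, threshold: int = 3) -> List[Tuple]:
    """Return alerts in log order:
      ('burst', src, n)                 n >= threshold failures from src within window_s
      ('success_after_burst', src, user) a login succeeded from src while it was bursting
    Each source is reported as bursting once; the success alert fires per login."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)  # src -> failure timestamps
    alerted = set()
    alerts: List[Tuple] = []
    for ts, _host, src, user, ok in parse(lines):
        q = recent[src]
        # Slide the window: discard failures older than window_s seconds.
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if ok:
            if len(q) >= threshold:
                alerts.append(("success_after_burst", src, user))
            continue
        q.append(ts)
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append(("burst", src, len(q)))
    return alerts


def demo() -> List[Tuple]:
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

With the sample above, the burst from 203.0.113.7 is reported at its third failure and the later accepted login from that source is reported separately, while the two failures from 198.51.100.20 twenty minutes apart never meet the threshold. In practice the window, threshold and source key (IP, user, or both) would be tuned to the environment.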
In the event of a breach, Signiant has the ability to isolate components of the system to contain the breach and maintain ongoing operations. Signiant's incident response team is ready to notify customers of security- or service-impacting events according to defined notification policies.