MobileO2 Application Security
We employ a full suite of secure software development activities and controls.
We carefully segment each technology layer via network and access controls.
Within the code itself, our development team uses the security functions provided by the
Java framework wherever possible. Our code is tested via static analysis and
black box scanning prior to being deployed to our production environment.
In addition to our secure development methodology, MobileO2 deploys a number of controls
to protect the confidentiality and integrity of our customers and their data. Some of these
controls include but are not limited to:
Data at rest encrypted using AES-256
User passwords stored as a one-way salted hash
Centralized logging and alerting
All network traffic encrypted via SSL and SSH
All application traffic over SSL/TLS
Three-tier architecture, compartmentalized and firewalled
Data Center Operations: Physical and Environmental Controls
We are proud to be an Amazon AWS partner. Consequently, MobileO2 is able to leverage the built-in
Amazon AWS infrastructure security as follows:
AWS Security Center
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud
computing environments available today. It provides an extremely scalable, highly reliable solution
that enables customers to deploy applications and data quickly and securely.
With the AWS cloud, not only are infrastructure headaches removed, but
so are many of the security issues that come with them. AWS’s world-class,
highly secure data centers utilize state-of-the art electronic surveillance
and multi-factor access control systems. Data centers are staffed 24x7 by trained
security guards, and access is authorized strictly on a least privileged basis.
Environmental systems are designed to minimize the impact of disruptions to operations.
And multiple geographic regions and Availability Zones allow you to remain resilient in
the face of most failure modes, including natural disasters or system failures.
The AWS virtual infrastructure has been designed to provide optimum availability while
ensuring complete customer privacy and segregation. For a complete list of all the security
measures built into the core AWS cloud infrastructure, solutions, and services, please read
our Overview of Security Processes whitepaper.
Built-in Security Features
Not only are your applications and data protected by highly secure facilities and infrastructure,
but they’re also protected by extensive network and security monitoring systems. These systems provide
basic but important security measures such as distributed denial of service (DDoS) protection and
password brute-force detection on AWS Accounts. Additional security measures include:
Secure access – Customer access points, also called API endpoints, allow secure
HTTP access (HTTPS) so that you can establish secure communication sessions with
your AWS services using SSL.
Built-in firewalls – You can control how accessible your instances are by configuring
built-in firewall rules – from totally public to completely private, or somewhere in
between. And when your instances reside within a Virtual Private Cloud (VPC) subnet,
you can control egress as well as ingress.
Unique users – The AWS Identity and Access Management (IAM) tool allows you to control the
level of access your own users have to your AWS infrastructure services. With AWS IAM, each
user can have unique security credentials, eliminating the need for shared passwords or keys
and allowing the security best practices of role separation and least privilege.
Multi-factor authentication (MFA) – AWS provides built-in support for multi-factor authentication
(MFA) for use with AWS Accounts as well as individual IAM user accounts.
Private Subnets – The AWS Virtual Private Cloud (VPC) service allows you to add another layer of network
security to your instances by creating private subnets and even adding an IPsec VPN tunnel between your home
network and your AWS VPC.
Encrypted data storage – Customers can have the data and objects they store in Amazon S3, Glacier, Redshift,
and Oracle RDS encrypted automatically using Advanced Encryption Standard (AES) 256, a secure symmetric-key
encryption standard using 256-bit encryption keys.
Dedicated connection option – The AWS Direct Connect service allows you to establish a dedicated network
connection from your premises to AWS. Using industry standard 802.1q VLANs, this dedicated connection can
be partitioned into multiple logical connections to enable you to access both public and private IP
environments within your AWS cloud.
Isolated GovCloud – For customers who require additional measures in order to comply with US ITAR regulations,
AWS provides an entirely separate region called AWS GovCloud (US) that provides an environment where customers
can run ITAR-compliant applications, and provides special endpoints that utilize only FIPS 140-2 encryption.
Dedicated, hardware-based crypto key storage option – For customers who must use Hardware Security Module (HSM)
appliances for cryptographic key storage, AWS CloudHSM provides a highly secure and convenient way to store and
Trusted Advisor – Provided automatically when you sign up for premium support, the Trusted Advisor service is a
convenient way for you to see where you could use a little more security. It monitors AWS resources and alerts you
to security configuration gaps such as overly permissive access to certain EC2 instance ports and S3 storage buckets,
minimal use of role segregation using IAM, and weak password policies.
Because the AWS cloud infrastructure provides so many built-in security features, you can simply focus on the security
of your guest OS and applications. AWS security engineers and solution architects have developed whitepapers and operational
checklists to help you select the best options for your needs and recommend security best practices, such as storing secret keys
and passwords in a secure manner and rotating or changing them frequently.
MobileO2 Design and Development
At MobileO2 we take the security and privacy of your data very seriously. We make every effort to help ensure that
your data stays protected whenever you use our products or services. The list below summarizes some of the
key ways the MobileO2 service has been designed and developed to better protect your data.
Defense in Depth design
Secure Defaults design
Reduced Attack Surface design
Automated data protection for data at rest
Automated data protection for data in transit
Automated data expiration and availability