Security and Technology Overview

CorpU Uses World-Leading Security Solutions to Ensure That Your Data is Safe

Infrastructure Security


Overview

Corp/U takes the privacy and security of your company data very seriously. Our software and infrastructure is architected from the ground up with enterprise-grade security in mind in order to meet and exceed the strict security requirements of our customers. We understand that storing your data within a Cloud Infrastructure may be of concern, which is why Corp/U is committed to maintaining transparency and trust with our customers. Many of our customers, including the largest retail, consumer package goods, and financial companies in the world, perform regular and comprehensive information privacy and digital security audits on our process and infrastructure to ensure Corp/U meets the requirements of their most security-sensitive organizations.

We maintain trust and transparency with our customers, including the largest retail, consumer package goods, and financial companies in the world, by adhering to the strictest security practices.

How Do We Secure Your Data?

To meet the security, compliance and scale requirements of today’s enterprises and government agencies, Corp/U partners with Amazon Web Services (AWS), the most advanced Platform as a Service provider in the world; chosen by the US Department of Defense, leading banks, leading retailers and some of the world’s largest consumer-based software companies. Amazon personnel do not have logical access to any Corp/U hosts, applications or databases. Additionally, Corp/U encrypts data in transit (moving across the network) and encrypts all data at rest (sitting on a system or in a database) to prevent unauthorized personnel from gaining access to sensitive customer data. This strategic partnership with AWS allows our customers to benefit from the industry’s most comprehensive and innovative security architectures in the world. Learn more about AWS security.

AWS utilizes third-party certifying bodies and independent auditors to provide customers with information regarding policies, procedures and controls established and operated by AWS. Some of the most stringent audits, controls and certifications include:

  • FBI’s Criminal Justice Information Services (CJIS) standard.
  • Cloud Security Alliance (CSA)
  • Cyber Essentials Plus (UK Government-backed, industry-supported certification)
  • Department of Defense (DoD) Cloud Security Models Level 2 and 4
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Federal Information Processing Standard Publication (FIPS)
  • ISO 27001, ISO 27017, and ISO 27018
  • SOC 1/ISAE 3402, SOC2, and SOC3

We partner with Amazon Web Services (AWS), the most advanced Platform as a Service provider in the world to ensure that your data is as secure as possible.

Information Security

  • Powerful, standards-based architecture that addresses the common and distinct needs of both large, global and mid-sized organizations
  • Our commitment to security is carried throughout our System Development Life Cycle
  • Protect against any anticipated threats or hazards to the security and integrity of sensitive data
  • Protect against any security incident that creates a substantial risk of identity theft or fraud

Cloud Infrastructure

  • Delivers reliable, scalable, secure, and high-performance infrastructure required for next generation learning
  • Enables an elastic, scale-out, and scale-down infrastructure

Data Center Security

  • Physical hosting infrastructure has successfully completed multiple SAS70 Type II audits
  • Achieved ISO 27001 certification
  • Validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)

Administrative Access Control

  • Access is limited to areas required based on job role
  • All Data transmission to and from systems is encrypted
  • Access to administer servers required an individual key of 2,048 bits or greater length
  • Access to servers is further limited by source IP address through bastion servers

Platform Application Security

  • Cross-site Scripting (XSS)
  • Cross-site Request Forgery (CSRF)
  • SQL Injection
  • JavaScript Injection
  • Clickjacking
  • Host Header Injection

Availability and Fault Tolerance


User Generated Content

  • User generated content is stored on auto-replicated network-connected storage that is replicated to multiple geographical regions
  • New files or file updates are auto-replicated to at least three in-region nodes before we indicate to the user that the file has been accepted
  • SAN durability: 99.999999999% (11 9’s)

Relational Database Servers

  • Database servers are deployed in a master/slave, real-time replication configuration with the slave in a separate city (same region)
  • Slave automatically becomes master if a failure happens
  • Additional read replicas ensure the durability of slaves

NoSQL Database Servers (MongoDB and Redis)

  • All database nodes belong in high-availability clusters
  • All clusters have nodes in at least three data centers