PolicyCo employs a modern architecture with partners AWS and ElasticSearch to deliver a secure and compliant environment capable of scaling to the needs of your enterprise.
All data at rest is encrypted and all data in transit is encrypted.
Users are authenticated with traditional password credentials, Google Auth using AWS Cognito. Data arrives as users write procedure and policy language as well as through the posting of evidence. Evidence may include any text or binary file format. When a client first connects, the front-end files are delivered via CloudFront to the browser. This data arrives exclusively via https TLS 1.2 / 1.3. This frontend code comprises the presentation layer and communicates with the backend code via API Gateway with Lambda functions tied to them. These Lambda functions interact with ElasticSearch for storing database elements and appropriate meta-data. Other specialized Lambda functions interact with S3 to Create, Update and Delete S3 objects for evidence.
CloudFront exposes only port 80 and port 443. Port 80 is exposed only to redirect to 443.
We do not maintain physical servers. The entire platform is architected around a serverless environment.
AWS Services Utilized
CloudFront - Hosting frontend code
API Gateway - Deliver API requests to Lambda functions
Lambda - Execute API requests and interact with the DB and S3
S3 - Store objects
ElasticSearch - Store meta-data and content
Cognito - Authentication services
Data Center us-east-1
7600 Doane Dr.
Manassas, VA 20109
Data Center us-west-2
91088 Ball Ln,
Grass Valley, OR 97029
Code versioning is maintained at github utilizing private/public keypairs. No credentials are stored in the codebase.
Access granted to: VP Engineering, Senior Application Developer
PolicyCo utilizes a JSON Web Token in order to prove that a user has been properly authenticated. This token also identifies which resources the user can access. As the user navigates through the application, the token is referenced in every request in order to validate these resources.