What We Have To Say About Your Data Security

The 3rd core value of Asoriba is Integrity. And that translates into how we respect data security on our platform. As our Privacy Policy emphatically states:

WE DO NOT OWN YOUR CHURCH DATA. WE DO NOT SEND MESSAGES DIRECTLY TO YOUR MEMBERS WITHOUT YOUR OR THEIR EXPLICIT REQUEST AND ACKNOWLEDGEMENT.

As a Christian Technology Company, we focus on providing you with the right tools and technology to help you grow your ministry, so that you don’t have to bother with the complexities involved in building such technologies.

Outlined below are some of the security layers we’ve incorporated to provide the best of services.

  1. Hosting:

    Our application is hosted on Amazon Web Services (AWS). AWS is a globally trusted platform partner whose client companies include Dropbox, Netflix, Adobe, Airbnb, Alcatel-Lucent, AOL, Autodesk, Bitdefender, BMW, Capital One, Coursera, Docker, European Space Agency, Financial Times, General Electric, Guardian News & Media, Harvard Medical School, Hitachi, HTC, IMDb, International Centre for Radio Astronomy Research, International Civil Aviation Organization, ITV, Lamborghini, Lonely Planet, Lyft, McDonalds, NASA, News International, Nokia, Philips, Pinterest, Samsung, SAP, Scribd, Siemens, Slack, Sony, SoundCloud, Spotify, Tata Motors, The Weather Company, Ubisoft, UCAS, Unilever, USDA Food and Nutrition Service, UK Ministry of Justice, Vodafone Italy and Yelp, among many others.

    WHY ASORIBA HOSTS ON AWS

    Amazon Web Services (AWS) is a collection of remote computing services (also called web services) that together make up a cloud computing platform. The most central and well-known of these services are Amazon EC2 and Amazon S3.

    AWS is a suite of hosting products that aims to take the headache out of traditional hosting solutions. In fact we feel that we are in a good neighbourhood by being on AWS.

    We are using AWS to host the web backend and front-end for our enterprise web application, which usually sees high traffic during office hours and somewhat less traffic in the off hours.

    For transient events like this, AWS makes a lot of sense. The traffic is high during the day, and then will dwindle off, allowing us to manage the amount of server computation needed to host the backend without being tied into a yearlong contract, or paying for power we don’t necessarily need.

    I’ve compiled a few of our reasons for choosing AWS and explained them here. So let’s dive in and see why AWS is better than the competition, for big and small users.

    Performance

    There’s no denying the speed of AWS. The Elastic Block Storage is nearly as fast as the Simple Storage Service (S3), but provides different features. Their Elastic Compute Cloud (EC2) gives Xeon-class performance at an hourly rate. The reliability is better than most private data centers in the world, and if there is a problem, you’re usually still online, but with reduced capacity.

    This has been widely tested using a beautiful application called Chaos Monkey, which randomly powers down a component in your cloud environment. You can then tell whether your application is still running or has been brought down entirely. In all cases, Chaos Monkey attempts to bring down the database and a web server. The database, which is a Relational Database Server (RDS) service, immediately switched to another database using the Multiple Availability Zone (Multi AZ) mechanism.

    In the web server scenario, when one web server goes down, another web server is launched using the auto-scaling feature. We therefore concluded that AWS delivers High Availability Performance.

    In traditional hosting environments, this probably would have meant downtime and 404 (page not found) errors as the websites would have just gone dark. But in a truly cloud-hosted environment like AWS, there’s enough separation between processing and storage that sites can remain online and continue generating revenue even with reduced functionality. We host our sites through all the available zones and data centers and experience no problems.

    But the performance power of AWS is in the storage. The distributed nature of Elastic Beanstalk (EBS) and S3 yields millions of input/output operations per second to all instances. Think of it like having a RAID array of Solid State Drives (SSDs) attached to a particular computer. Add in incredible bandwidth, and you have a storage system that is capable of vast scaling, with the reliability of 99.999999999%.

    On the Go Pricing

    Amazon took a refreshing approach to pricing its hosting when launching AWS. Every service is “a la carte”, meaning you pay for what you use. This makes a lot of sense for server infrastructure, as traffic tends to be very bursty, especially the larger the site is.

    Traditional hardware, for the most part, goes unutilized for 90% of its lifecycle. AWS helps deal with this problem by keeping it cheap during the slow times. This, in turn, makes the pricing of our software comparatively cheaper.

    Deployment Speed

    If you’ve ever had to provision a hosted web service, you know this pain very well. Traditional providers take anywhere from 48-96 hours to provision a server. Then you have to spend a few hours tweaking it and getting everything tested.

    AWS shrinks that deployment time to minutes. We utilize Amazon Machine Images (AMI), which can have a machine deployed, updated and ready to accept connections in that short amount of time. This is important when, for example, we need to make a quick update due to a bug or minor feature request, or just need the flexibility to handle the demand when a new product launches.

    Security

    Access to the AWS resources can be restricted using IAM (Identity and Access Management). Using the roles in IAM, we can define the privileges for user actions, which greatly reduces any malpractices.

    AWS also provides Virtual Private Cloud (VPC), which can be used to host our services on a private network which is not accessible from the internet, but can communicate with the resources in the same network. This restricts the access to the resources such that any ill intentioned user from the internet.

    Flexibility

    The most important feature in AWS is its flexibility. All the services work and communicate together with our application to automatically judge demand and handle it accordingly.

    Combined with the fantastic Application Programming Interface (API) and the Amazon Machine Images (AMI) we create, we are able to have a completely customized solution that provisions a server instance in under 10 minutes, and is ready to accept connections once it comes online. Then we can quickly shut down instances when they are no longer needed, making server management a thing of the past.

    2. Application Runs on Secure Socket Layer:

    Any time you visit our application, check your browser’s address bar. You’ll see https:// prepended to the address. It should be standard practice for every software company which stores very sensitive data. All such applications should always be protected with Hypertext Transfer Protocol Secure (HTTPS), even if they don’t handle sensitive communications. Aside from providing critical security and data integrity for both our applications and the data you save, HTTPS is a requirement for many new browser features, particularly those required for progressive web apps.

    HTTPS helps prevent intruders from tampering with the communications between Asoriba and your browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages.

    Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For example, some third parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities.

    Without the HTTPS technology, intruders may exploit every unprotected resource that travels between the Asoriba application and your browser. Images, cookies, scripts, HTML…, they’re all exploitable. Intrusions can occur at any point in the network, including a user’s machine, a Wi-Fi hotspot, or a compromised ISP, just to name a few.

    One common misconception about HTTPS is that the only websites that need HTTPS are those that handle sensitive communications. Every unprotected HTTP request can potentially reveal information about the behaviors and identities of our users. Although a single visit to one of our apps may not seem harmful, some intruders look at your aggregate browsing activities to make inferences about your behaviors and intentions, and to de-anonymize your identity. For example, employees might inadvertently disclose sensitive health conditions to their employers just by reading unprotected medical articles.

    On Asoriba, you won’t face any of such intrusions!

    3. Data is encrypted at Rest:

    All data you provide is encrypted before being stored in the database. That means that even we as providers cannot view your sens in any readable format.

    Why we don’t provide offline/standalone applications.

    The Asoriba CRM is built to allow for easy use by all admins no matter where they are, so running the service on a cloud server is much more suitable. The church’s following and members are able to make donations and contributions to the church wherever they are; this functionality will not be available in most standalone installations. Security is guaranteed with us and we take it upon ourselves to ensure that your data and the data of all our partners are kept safe, i.e. we have the capacity to bear all data security risks.

    Inactive expiration after 5 minutes.

    The CRM automatically logs you out after 5 mins of inactivity. This is to ensure that no one uses your credentials on your computer to perform mischievous activities on your behalf.

    Two factor Authentication on Sign up

    We perform two factor authentication with your phone number whenever you sign up for Asoriba. This is to ensure that no one uses your identity to create an account on our system.

    Testing across in-house quality assurance team, Singapore, South Africa.

    We perform a series of tests before an update is deployed to all our platforms (web and mobile applications). Tests are performed by our in-house quality assurance team, then by our partners in Singapore and South Africa.

     

                                    ~Drafted and Compiled by,

                                    Patrick Ohemeng Tutu,

                                    Chief Technology Officer,

                                    patrick@asoriba.com