Security Measures for the Urban Airship Digital Growth Platform
Date: May 15, 2018 — Previous Version
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Urban Airship shall maintain appropriate technical and organizational measures for the Service to ensure a level of security appropriate to that risk, including, the measures described in this Appendix (the "Security Measures"). Urban Airship may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service.
“Customer Data” means electronic data and content provided to Urban Airship by Customer (or at its direction) via the Service.
“Service” means the Urban Airship proprietary SaaS (software as a service) platform specified in the applicable order.
“Security Incident” means any unauthorized access to the Service that results in unauthorized transmission, copy, disclosure, alteration or loss of Customer Data.
- Information Security Program and Attestations
Urban Airship will maintain an information security program (including the adoption and enforcement of internal policies and procedures), designed to (a) satisfy these Security Measures, (b) identify reasonably foreseeable and internal security risks and unauthorized access to the Service, and (c) minimize security risks, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Urban Airship Service is assessed annually by an independent third party against the SSAE-18 SOC II security standards and covers the Security and Availability trust principles.
- Access Controls
(a) Data Center Security.
- Urban Airship uses Amazon Web Services (AWS) and Google Cloud Platform (Google Cloud) to provide infrastructure services to host and operate the Service. By using AWS and Google Cloud, Urban Airship is able to take advantage of their sophisticated security environment.
- Data centers used for the Service maintain on-site security operations responsible for all physical data center security functions 24 hours a day, 7 days a week. These data centers are Tier 3 SOC 2 Type 2 certified computing facilities with controlled access and video surveillance.
(b) Logical and Data Access Controls.
- Infrastructure Security Personnel. Urban Airship’s infrastructure security personnel are responsible for the ongoing monitoring of Urban Airship’s security infrastructure, the review of the Service, and security incident response.
- Privilege Management. Customer’s administrators must authenticate themselves via the Service in order to administer the Service.
- Internal Data Access Processes and Policies. Urban Airship’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process data on the Service. Urban Airship designs its systems for the Service to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that data cannot be read, copied, altered or removed without authorization during processing, use and after recording.
- Access Management. Urban Airship employs a centralized access management system to control personnel access to production servers for the Service, and only provides access to a limited number of authorized personnel. Central network-based authentication systems are designed to provide Urban Airship with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information for the Service. Urban Airship requires the use of unique user IDs, strong passwords, two factor authentication and access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks based on least privilege; and a need to know basis. The granting or modification of access rights must also be in accordance with Urban Airship’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include multi-factor authentication, restrictions on password reuse and sufficient password strength.
- Access Controls. Security events for the Service, including login failures, use of privileged accounts, changes to access models or file permissions, modification to installed software or operating systems, changes to user permissions or privileges are logged on the relevant systems. Logs are generated through monitoring and alerting systems, and are held from 30 days to 1 year depending on the system generating the logs.
- Network Security
(a) Data Transmission. Urban Airship makes HTTPS encryption (also referred to as TLS connection) available for data in motion. Clear text HTTP connections to the Service are disabled by default.
(b) Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Urban Airship intrusion detection involves:
- controlling the size and make-up of Urban Airship’s attack surface through preventative measures;
- employing intelligent detection controls at data entry points; and
- employing technologies that automatically remedy certain dangerous situations.
- Application Security
(a) Software Development. Urban Airship employs a static code review process to increase the security of the code used to provide the Service. This code is reviewed and approved based on peer review prior to staging the code. All development for the Service is based on Secure Development Lifecycle (SDLC) model.
(b) Standards Compliance. Urban Airship follows OWASP Top 10 best practices and Cloud Security Alliance (CSA) standards.
- Operational Security
(a) Redundancy. Infrastructure systems are designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks and other necessary components help provide this redundancy.
(b) Server Operating Systems. Urban Airship servers use a Linux based implementation customized for the application environment. Industry best practice hardening standards are used. Data in the production environment is stored using proprietary algorithms to augment data security and redundancy.
(c) Businesses Continuity. Urban Airship replicates data over multiple systems and locations to help protect against accidental destruction or loss of data in the Service. Urban Airship backs up the Service at least on a daily basis to a separate geographic location from the production servers for the Service. Replicated data is stored at rest in AES256 encrypted format. Urban Airship has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
- Customer Data
(a) Data Storage and Isolation. Urban Airship stores Customer Data in a multi-tenant environment on public cloud servers. Urban Airship also logically isolates Customer Data in the Service. Urban Airship conducts tests on a regular basis to confirm logical isolation.
(b) Data Deletion. After 90 days following termination of Customer’s contract for the Service, Urban Airship will delete all Customer Data in the production servers of the Service. In addition, certain Customer Data will be deleted on an ongoing basis in accordance with the Urban Airship Data Retention Schedule.
(c) Location. Data centers used for the Service are located in the United States, and all Customer Data is stored in the United States. By using the Service, Customer consents to storage of Customer Data in the United States, which may include transfer of Customer Data to the United States.
- Security Incident Management
If Urban Airship becomes aware of a Security Incident, Urban Airship will notify Customer without undue delay of the Security Incident, and take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Security Incident will be delivered to the email address provided by Customer in the Agreement or in the admin console of the Service. Customer acknowledges that it is solely responsible for ensuring that the contact information set forth in the Agreement (or in the admin console of the Service) is current and valid. Customer agrees that “Security Incidents” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems; or (ii) accidental loss or disclosure of Customer Data caused by Customer’s use of the Service or Customer’s loss of account authentication credentials.
- Personnel Security
(a) Background Checks. Urban Airship conducts appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
(b) Employee Training. Urban Airship employees are required to (a) execute a confidentiality agreement; (b) undergo annual security training, and (c) if handling Customer Data, complete additional requirements appropriate to their role.
(c) Employee Code of Conduct. Urban Airship employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
- Privacy by Design
Urban Airship employs Privacy by Design and Privacy by Default principles in its development and operations processes.
- Authorized Subprocessors
(a) Subprocessor Security. Prior to onboarding subprocessors, Urban Airship conducts a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of subprocessors to assess that subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Subprocessors are re-authorized upon contract renewal or on an annual basis.
(b) Subprocessor List. Current list of subprocessors is available here.