This document is intended for customers of Cape Pack who would like to use the cloud for managing their Cape solutions.
Cape users have traditionally used Cape Pack to manage their solutions on their local machines. With Cape Pack on the cloud, the user uploads Cape Pack classic solutions to the cloud and manages them online. This document addresses the most commonly asked questions about the checks and balances in place to safeguard customer data that is no longer on premises.
Where is our data physically located?
The application is hosted on Amazon Cloud in the US West region (Oregon). The region identifier is “us-west-2”.
How can we ensure that the communication is secure?
The communication between the client (browser) and the server is over HTTPS. In short, the data is encrypted using a public key and can be decrypted only with the private key, which is held only on the server.
The diagram below attempts to demystify, at a conceptual level, what happens when the user types “https://cape.eskocloud.com”.
This means an eavesdropper can see that data is being exchanged, but without the private key the encrypted message cannot be decoded, so the data stays secure.
Can the private key be retrieved from the server?
Sufficient safeguards are in place to keep the access to the server limited.
- The server resides in a VPC and all external access must go via a bastion.
- Access to this bastion is limited to IT administrators in the organization only (per internal Esko IT policy), and they need a separate set of keys to reach the Bastion Gateway.
- Reaching the Bastion Gateway does not guarantee access to servers in the VPC since each server is also password protected.
For more details on the VPC in AWS please refer to https://aws.amazon.com/vpc/
What happens after the user is directed to the Cape Pack website?
The user is directed to a login page to authenticate. This requires the user to log in with their Esko ID and password. The communication here again is over HTTPS. Once the user is authenticated successfully with his/her Esko ID, a session is created and the response is sent back to the client. On successful authentication the client receives session credentials (a token and a cookie) that are valid only for that session.
The token and the cookie are rotated for each session and never reused.
The session information stored in the server/database contains the following important information to identify the user and company for which the session has been created:
- Username used to login
- Company Code
- The session token – each session has a different token
Every subsequent request from the client must include both the token and the cookie in order to succeed. All REST requests whose responses contain dynamic content require authorization.
Both the token and the cookie are mandatory and must be valid to obtain the requested information.
A request that is missing either one, or carries an invalid one, is rejected with an error.
How can I be assured that someone else will not have access to my data?
To explain this we need to start with what happens to the data sent to Cape Pack on the cloud. The user can receive information only if it was uploaded successfully and stored. So let us begin from the point where the user uploads a Cape Pack solution to the cloud from the desktop application.
When the user uploads a solution, the person is required to log in. Only if authentication succeeds is the content uploaded. During upload, the content is stamped with information about the user, such as the mail ID used to log in and the company to which the person belongs.
When the user logs in to the cloud environment in the browser and is authenticated successfully, the server also returns to the client software the company to which the person belongs. The client then requests the list of solutions. The request is made with a valid session token, the company code and the user ID (the email address used to log in). The company information supplied in the request ensures that the server retrieves from the database only the solutions belonging to the company of which the user is a member. The information stamped during upload is used to strictly limit the solutions that can be retrieved. This ensures that only someone from the same company can access the data belonging to that company.
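The session and company-scoping rules described in the two passages above (a session record holding username, company code and token; both token and cookie required on every request; solutions stamped at upload and filtered by company), written out as an added illustration. This is not Cape Pack's own code: the in-memory stores, the sample solutions and the cross-check of the request's company code and user ID against the session record are assumptions made for the example.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for the server-side session store and the
# solutions database described on the page (assumption: not Cape Pack's real schema).
SESSIONS = {}    # cookie value -> {"username", "company_code", "token"}
SOLUTIONS = [    # each solution is stamped at upload with the uploader's mail ID and company
    {"id": 1, "name": "Carton A", "owner": "alice@acme.example",   "company_code": "ACME"},
    {"id": 2, "name": "Pallet B", "owner": "bob@acme.example",     "company_code": "ACME"},
    {"id": 3, "name": "Tray C",   "owner": "carol@globex.example", "company_code": "GLOBEX"},
]


def create_session(username, company_code):
    """After a successful Esko ID login: issue a fresh cookie value and a fresh token.
    Both are random per session, so they are never reused across sessions."""
    cookie = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)
    SESSIONS[cookie] = {"username": username, "company_code": company_code, "token": token}
    return cookie, token


def authorize(cookie, token):
    """Both the cookie and the token must be present and must match one stored session.
    Returns the session record, or None when either credential is missing or invalid."""
    if not cookie or not token:
        return None
    session = SESSIONS.get(cookie)
    if session is None:
        return None
    # Constant-time comparison so a mismatch does not leak how many bytes matched.
    if not hmac.compare_digest(session["token"], token):
        return None
    return session


def list_solutions(cookie, token, company_code, user_id):
    """Return the solutions visible to the caller, or raise PermissionError.
    The company code and user ID sent by the client are compared with the authenticated
    session (an assumed check), and the database filter uses the session's company code,
    so a client cannot read another company's solutions by changing what it sends."""
    session = authorize(cookie, token)
    if session is None:
        raise PermissionError("missing or invalid session token/cookie")
    if company_code != session["company_code"] or user_id != session["username"]:
        raise PermissionError("request does not match the authenticated session")
    return [s for s in SOLUTIONS if s["company_code"] == session["company_code"]]
```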
Direct access to the database is also restricted. It sits in the private subnet behind the bastion. It also requires a user name and password to access any information. These credentials are in a configuration file on the application server.
How do you manage back-ups?
Full data backups are taken every night at 0:00 UTC.
The backups are retained for a week. To protect users' data in case of disaster, the data is backed up every 24 hours, ensuring that users can never lose more than 24 hours of data even in the event of a system disaster.
Can my solutions be restored if they are deleted accidentally?
At this point in time, solutions that have been deleted cannot be retrieved.
What steps do you take to protect against infrastructure failures?
An automatic monitoring system checks the health of all components of the Cape Pack cloud solution and notifies Esko’s Operations team as soon as there is a fault. In most cases the service can then be brought back online within a few minutes. For details on the service level offered, please refer to the appropriate SLA.