The simplest and easiest way of keeping a secret is by not knowing it in the first place. This is why our customers can be completely secure in the privacy of their data, as we neither need to look at nor can we look at any customer data on any application which we manage (we’ll look closer at the encryption process later).
Security of data on the applications we handle is of paramount importance to both us and our customers. In order to ensure your data is held in the most secure way possible, we have created our security strategy and architecture in cooperation with the AWS SaaS security team.
Here are the key points of our security process:
- We never extract any data from customers’ AWS accounts.
- Workloads we handle are encrypted twice to ensure security – we secure web traffic heading to our platform with 256-bit DigiCert High Assurance EV CA-1 SSL. Once on our platform, we re-encrypt using a GPG RSA 3072-bit algorithm to ensure the highest level of security.
We never access data on the VM or the applications we handle. We do not have root access to the machine nor do we know the applications it runs. The data itself is handled and managed by the Cloud Service Provider (CSP). Each of the CSPs we operate have rigorous security processes and certifications. You can find out more about Amazon’s Cloud Security here, Google’s Cloud Security here and Azure’s Cloud Security here.
In order to manage Spot Instances on your behalf, Spot by NetApp requires the ability to create, purchase, replicate and snapshot the underlying VMs upon which applications run. This means that we need to be authenticated to do this process. While setting up your Spot by NetApp Account, we use a Cloud Formation stack to register our IAM Role Policy (see below) in your AWS account. This Policy holds permissions that are needed for Spot by NetApp’s account to handle your AWS resources. You can find a guide to setting up Spot by NetApp and IAM Roles here.
This authentication is done through standard secure Cross-Account Roles to access your AWS account. The role includes a restricted list of policy, which you can further limit based on the AWS Resource or apply conditions to restrict it to a specific region or VPC based on tags. For how to restrict your Spot by NetApp IAM policy, see our tutorial.
We at Spot by NetApp do not use private keys, passwords or security tokens (all of which might lead to potential weaknesses in security). Instead, we authenticate using IAM Cross Account Roles and UUID External IDs during a 3 step authentication process.
How does it work?
- Step 1: The customer authenticates using a secure website. This website’s traffic is protected using the process mentioned above (the 256-DigiCert etc.). This ensures safety when any data is on route to our console.
- Step 2: The data is received by the Spot by NetApp servers. As it moves from the Management Console to the API Service is it re-encrypted, this time using GPG RSA 3072-bit.
- Step 3: Now our software communicates with our customer’s account using an IAM Cross Account Role and UUID External IDs. This means that only Spot by NetApp can interact with your applications using an external ID generated for you upon registration. This is the recommended approach from AWS. Also at any time, if you do wish you have the control to simply revoke all access by deleting this role.
IAM Cross Account Roles and UUID External IDs
IAM (Identity Access Management) Cross Account Roles are ways to allow a different account access to certain elements of your account. Basically, these are something like virtual permissions given by your account to let an outsider make changes to how that account is being used whilst ensuring that that outsider alone has access. This means that means when you manage Instances through our platform, you are letting us move and manage your instances for you, whilst being certain that we will be the only ones doing so. You also have the ability to restrict Spot by NetApp access based on VPC, tags or a region. See restrict policy here.
UUID (Universally Unique Identifier) External IDs are identifications which are unique between two users. Think of them as virtual codenames or a secret handshake known only to the two parties involved (codenames which can be any variation of numbers and letters, meaning they cannot be guessed).
Using UUID External IDs and IAM Cross Account Roles together means that your account is still completely secure whilst we at Spot by NetApp can do our work. With the IAM Cross Account Roles establishing only Spot by NetApp and you as users who can access the account and then with the UUID External IDs certifying any access can only be gained by Spot by NetApp software, customers can be secure in the knowledge that their account is completely safe from any unwanted interference.