Airship Security Measures
For Airship Customer Engagement Platform and Apptimize Platform
Date: November 15, 2019
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Airship shall maintain appropriate technical and organizational measures for the Service to ensure a level of security appropriate to that risk, including the measures described in this document (the “Security Measures”). Airship may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service.
“Airship” means Urban Airship, Inc. d/b/a Airship, and its operating divisions, subsidiaries, affiliates and branches.
“Customer Data” means electronic data and content processed by Airship via the Service, or provided to Airship by Customer (or at its direction) via the Service.
“Data Breach” means a breach of security of the Service leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on the Service.
“Service” means the Airship Customer Engagement Platform and the Apptimize Testing Platform.
“SOC2 Report” means a confidential Service Organization Control (SOC) 2 report (or a comparable report) on the Service examining logical security controls, physical security controls, and system availability, as produced by a Third Party Auditor in relation to the Service.
“Third Party Auditor” means an Airship-appointed, qualified and independent third party auditor.
2. Information Security Program and Attestations
Airship will maintain an information security program (including the adoption and enforcement of internal policies and procedures), designed to (a) satisfy these Security Measures, (b) identify reasonably foreseeable and internal security risks and unauthorized access to the Service, and (c) minimize security risks, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Airship Customer Engagement Platform is assessed annually by a Third Party Auditor who issues a SOC2 Report, and commencing in Q1 2020, the Apptimize Testing Platform will be assessed annually by a Third Party Auditor for a SOC2 Report. Subprocessors are not included in the Airship SOC2 Report.
3. Access Controls
(a) Data Center Access Controls.
- Cloud Data Centers. Google Cloud Platform (Google Cloud) and Amazon Web Services (AWS) are used to provide infrastructure services to host and operate the Service. By using AWS and Google Cloud, Airship is able to take advantage of their sophisticated security environment.
- Physical Access Control. Cloud data centers used for the Service maintain on-site security operations responsible for all physical data center security functions 24 hours a day, 7 days a week, with CCTV monitoring and access controls. These data centers are Tier 3 certified and SOC 2 Type II computing facilities.
(b) Logical and Data Access Controls.
Infrastructure Security Personnel. Airship’s dedicated team of infrastructure security personnel are responsible for the ongoing monitoring of Airship’s security infrastructure, the review of the Service, and security incident response.
Privilege Management. Customer administrators must authenticate themselves via the Service in order to administer the Service.
Internal Data Access Processes and Policies. Airship’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process data on the Service.
Access Management. Airship employs a centralized access management system to restrict personnel access to production servers for the Service to a limited number of authorized personnel. Central network-based authentication systems are designed to provide Airship with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information for the Service. Airship requires the use of unique user IDs, strong passwords, two-factor authentication and access lists for Airship personnel to access the Service. The granting or modification of access rights to the Service by Airship personnel is based on: (i) the authorized personnel’s job responsibilities; (ii) job duty requirements necessary to perform authorized tasks based on least privilege; and (iii) a need-to-know basis. The granting or modification of access rights must also be in accordance with Airship’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Log-ins to the Service are logged to a SIEM.
Access Controls. Security events for the Service, including login failures, use of privileged accounts, changes to access models or file permissions, modification to installed software or operating systems, and changes to user permissions or privileges, are logged on the relevant systems. Logs are generated through monitoring and alerting systems, and are retained from 30 days to 1 year depending on the system generating the logs.
4. Network Security
(a) Data Transmission. Airship makes HTTPS encryption (also referred to as a TLS connection) available for data in transit to or from the Service. Clear-text HTTP connections to the Service are disabled by default.
(b) Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Airship intrusion detection involves:
- controlling the size and make-up of Airship’s attack surface through preventative measures;
- employing intelligent detection controls at data entry points; and
- employing technologies that automatically remedy certain dangerous situations.
5. Application Security
(a) Software Development. Airship employs a static code review process to increase the security of the code used to provide the Service. This code is reviewed and approved based on peer review prior to staging the code. All development for the Service is based on a Secure Development Lifecycle (SDLC) model.
(b) Compliance. Airship follows OWASP Top 10 best practices and Cloud Security Alliance (CSA) standards.
(c) Data Integrity. Measures are in place to prevent corruption of stored Customer Data due to a malfunctioning of the Service. These include patch management and change control procedures, QA testing prior to release, and logging of all changes to production systems for the Service.
6. Operational Security
(a) Redundancy. Infrastructure systems are designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks and other necessary components help provide this redundancy.
(b) Server Operating Systems. Airship servers use a Linux-based implementation customized for the application environment. Industry best practice hardening standards are used. Data stored in the production environment of the Service is stored using proprietary algorithms to augment data security and redundancy.
(c) Business Continuity. Airship replicates critical data over multiple systems and locations to help protect against accidental destruction or loss of data in the Service. Airship backs up at least on a daily basis to a separate geographic location from the production servers for the Service. Replicated data is stored at rest in AES256 encrypted format. Airship has designed its business continuity and disaster recovery programs and regularly plans and tests them.
7. Customer Data
(a) Data Storage and Isolation. Airship stores Customer Data in a multi-tenant environment on public cloud servers. Airship also logically isolates Customer Data in the Service. Airship conducts tests on a regular basis to confirm logical isolation.
(b) Data Deletion. After 90 days following termination of Customer’s contract for the Service, Airship will delete all Customer Data in the production servers of the Service. In addition, certain Customer Data stored in Airship Customer Engagement Platform will be deleted on an ongoing basis in accordance with the Airship Data Retention Schedule.
(c) Location. If Customer has selected the United States as the data center location for the Airship Customer Engagement Platform, all Customer Data stored on that Platform is located in the United States. If Customer has selected the European Union as the data center location for the Airship Customer Engagement Platform, all Customer Data stored on that Platform is located in the European Union. All Customer Data stored on the Apptimize Testing Platform is in the United States. By using the Service, Customer consents to storage of Customer Data in the United States or in the European Union, as applicable. Customer Data may be transferred to and accessed from Airship subsidiaries’ locations for technical support, error fixes and other product-related services.
(d) Pseudonymization and Encryption. The Service includes measures that Customers can configure in order to reduce direct references to persons during processing, in such a way that it is only possible to associate data with a specific person if additional information is included. That additional information is kept separately from the pseudonym by appropriate technical and organizational measures. Customer is solely responsible for electing to use measures for pseudonymization of personal data processed on the Service. The Service uses databases that are encrypted with industry standard AES256.
8. Data Breach Management
If Airship becomes aware of a Data Breach, Airship will notify Customer without undue delay of the Data Breach, and take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Data Breach will be delivered to the email address provided by Customer in the Agreement or in the admin console of the Service. Customer acknowledges that it is solely responsible for ensuring that the contact information set forth in the Agreement (or in the admin console of the Service) is current and valid. Customer agrees that “Data Breaches” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems; or (ii) breach of security not caused by Airship.
9. Personnel Security
(a) Background Checks. Airship conducts appropriate background checks of our employees to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
(b) Employee Training. Airship employees are required to (a) execute a confidentiality agreement; (b) undergo annual security training, and (c) if handling Customer Data, complete additional requirements appropriate to their role.
(c) Employee Code of Conduct. Airship employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
10. Privacy by Design
Airship employs Privacy by Design and Privacy by Default principles in its development and operations processes.
11. Authorized Subprocessors
(a) Subprocessor Security. Prior to onboarding subprocessors, Airship conducts a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of subprocessors to assess that subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Subprocessors are re-authorized upon contract renewal or on an annual basis.
(b) Subprocessor List. The current list of subprocessors is available here.