Topic outline
Authentication: Identity management
Security by design
Standard for ordinary accounts, such as end users: at least an operational level of certainty 2.
Standard for sensitive accounts: an operational level of certainty 3.
The benchmark for strong authentication and the security levels is NIST SP 800-63-3, Digital Identity Guidelines.
Managers from CODEX.EU meet the operational level of certainty 3.
- Identity assurance level 3
- Authentication security level 3
- Knowledge factor, something you know: Password
- Property factor, something you have: TOTP or YUBIKEY
- Federation Security Level: No Federation
Break The Glass Accounts
Break The Glass Accounts are provided with a different property factor.
A warning about their use is enabled.
Managers from CODEX.EU at suppliers meet the operational level of certainty 2.
- Identity assurance level 2
- Authentication security level 3
- Knowledge factor, something you know: Password
- Property factor, something you have: TOTP
- Federation Security Level: No Federation
Users of CODEX.EU meet the operational level of certainty 2.
- Identity assurance level 2
- Authentication security level 3
- Knowledge factor, something you know: Password
- Property factor, something you have: TOTP
- Federation Security Level: No Federation
Federation
If an organization chooses to integrate federated authentication, the strength of the authentication for its users falls under the responsibility of that organization.
- PS: This integration is done on a time and materials basis
Single Sign-On can be set up with Co-Dex.eu. The following protocols are supported for this: OpenID Connect 1.0 and OAuth 2.0.
Preferably we enable OpenID Connect, as it is the strictest and most up-to-date standard for user authentication.
As described above, when Single Sign-On is enabled the identity provider (IdP) becomes responsible for the authentication strength of the user accounts being used.
The IdP also becomes responsible for the lifecycle management of the users' credentials, including revocation.
Patch Management
Security by design
Standard 3-monthly security patches.
Components in the management of CODEX.EU
Security patches are installed on a 3-monthly basis.
They are first validated in the development environment before being installed in production.
For critical updates an emergency procedure is in place. It still takes the different environments into account, but is carried out at an accelerated pace.
Components in the management of CODEX.EU suppliers
Components and services that are managed by suppliers and used by CO-dex.eu, such as the underlying mail services and the runtime platform, are patched at least at this 3-month frequency.
Supply Chain
Security by design
We keep it short!
CODEX.EU consciously maintains a very short supply chain.
This keeps the whole manageable and ensures transparency and good sustainable cooperation.
Supply Chain
The parties, their location and, where a risk analysis calls for them, additional measures.
Mailjet SAS
- Functionality: Applicative and newsletter Mail services
- French company
- GDPR compliant: Yes
- Supervisor: CNIL
- Hosting: France GCP
Google Cloud Platform
- Functionality: Applicative runtime environment
- American company
- Supervisor: Irish Authority
- Hosting: Belgium Primary and France Backup
- Risk: Transfer to the United States, in light of the Schrems II judgment
- Additional measures
- The sensitive information within CO-dex.eu is encrypted at the applicative level. This means that the information at rest is not accessible to the hosting provider.
Let's Encrypt
- Functionality: Certificate Authority
- Company: US - California Public Benefit Corporation
- No personal data in Scope. These certificates are only used to guarantee application security.
- Hosting Certificates: On the CODEX.EU servers.
Cloudflare
- Functionality: Content Delivery Network (CDN) as a measure against DDoS attacks and for scalable delivery of the static information on our websites.
- American company
- Supervisor: Portuguese Authority
- Personal data: A CDN works on the basis of caching the static data of a web application. Personal data is always dynamic within CODEX.eu applications. This means that personal data is never cached on Cloudflare's infrastructure.
- GDPR conformity measure: only edge hosts in the European Economic Area (EEA) are activated.
GoDaddy LLC
- Functionality: DNS provider.
- Personal data: No customer data in Scope of this supplier. Only CO-dex.eu Contact information.
Encryption
Security by design
Data is encrypted as standard, both at rest and in transit.
Data in transit
Each internal or external connection has encryption such as HTTPS active.
Exception: CRL checking (by design over HTTP; fetching the CRL over HTTPS would require validating that connection's certificate first, a chicken-and-egg problem).
Data at rest
Passwords at rest are one-way hashed and salted, so they cannot be disclosed or attacked with rainbow tables.
The encryption is activated for all data stores.
CODEX.EU adds an additional applicative encryption for confidentiality-sensitive information. This prevents access to the data outside the application, for example directly at the storage location.
Exception: e-mails that are sent. As a compensating measure, we ensure strict hygiene regarding the data classification of the information sent by e-mail.
Supplier data
This policy is also applied by our suppliers of services that we use to facilitate the application such as hosting, e-mail etc.
Backup
Co-Dex.eu takes the necessary measures to implement the zero data loss principle.
In a worst-case scenario all data has been lost due to an event such as human error, a malicious actor, ...
Recovery then involves two parts.
First, the data processed by the Co-Dex.eu application, which is mainly the templates and the resulting live information used by the customers. This information resides in multiple places:
- Datastores, which host the file-based information.
- Databases, which host the structured information.
- E-mails being processed by our mail provider.
Second, the infrastructure and services that process the information and serve it to the customers as business processes. This infrastructure has the following measures in place to ensure recovery is possible:
- Infrastructure as code: all infrastructure is defined in code and stored in the code repository.
- The infrastructure can be rebuilt from the code repositories.
- Kubernetes is the runtime technology used for web applications, web services and other container-enabled services (e.g. Keycloak).
- The information processed by the Kubernetes containers is backed up on a daily basis.
- The deployment lifecycle completely rebuilds the entire application and validates it by means of unit testing; this helps us to ensure the deployment process is repeatable and effective.
Performance and availability
The performance of the application is one of the key success factors for the user experience.
Co-Dex.eu is currently designed for power users.
PS: On the roadmap, more automation and more minimal input requests from the user should ease the onboarding of novice users.
Thanks to the cloud native technology used and the asynchronous messaging in the backend, the resources have cloud native elasticity. This handles the variable load on the system caused by multiple concurrent processes, growth in the number of users and more usage in general.
Per technology in place, the following measures ensure elasticity and scalability:
- Kubernetes: the resources assigned to Kubernetes are fully elastic, with a guaranteed minimum of runtime resources that grows along with the needs of the containers.
- Webservers: the webservers are horizontally scaled out (and in) according to the load on the system.
- Databases: thanks to the serverless database concept, elasticity is assured by design.
- Datastores: the datastores have a fully elastic approach to the available space, with limits that far exceed the requirements of normal usage of the system.
- E-mail services: the e-mail services run on a SaaS that gives assurance on volume and throughput.
- Bandwidth to the application: the bandwidth towards and from the application is assured by an industry-leading Content Delivery Network, which has been configured to cope with volumetric attacks (e.g., DDoS), rises in normal usage of the application, ...
No caps have been set; resource consumption is instead controlled through alerts that are sent out.
Contractual assurance on the availability of the services and the information:
- Service Level Agreement: 99,9%
- Business days: Monday - Friday
- Business hours: 08:00 - 18:00
- Return to operations: next business day
- Recovery Point Objective: 12 hours
Means of contact: depends on the contract
- Email (standard support)
- Phone (enterprise support)
Requirements
To run Co-Dex.eu all you need is the following:
- An up-to-date browser, preferably one based on Chromium.
- An internet connection.
- Active credentials.
- The required role within your organization (defined in Co-Dex.eu).
- A normal business computer without special performance requirements (minimum 4 GB RAM and an up-to-date CPU).
Data locality
Co-Dex.eu takes proportionate measures to address the risks arising from the GDPR regulation. These are defined as organizational measures (e.g., contractual agreements, supply chain management, policies, incident procedures, ...) and technical measures (e.g., authentication, auditability, hosting locations, encryption, ...).
The information is processed in the European Economic Area (EEA).
This is being configured on multiple levels:
- Hosting is configured to be located in datacenters in Belgium and France
- CDN is being configured to only have break-out points in Europe
Exit clause
Security by design
Standard retention period after the contract: 6 months.
The rights of the customer are described clearly, so that the customer knows where they stand when terminating the collaboration.
If the cooperation is stopped ...
Right to data portability for the information that belongs to the customer.
After the contract is stopped, the information is kept for 6 months by default.
If the customer returns within this period, the collaboration can be re-enabled relatively easily; after that, an initial loading is necessary.
The information is offered in JSON format. This is a modern file format that can be processed by most recent technologies.