Today Amazon Web Services (AWS) is one of several Cloud service providers that are available. At Pipeliner, we chose to go with AWS over a decade ago and have remained with them ever since. Why have we done so? Continuing in our series on Pipeliner CRM security, here is our path and reasoning.
Our Own DataData Data is a set of quantitative and qualitative facts that can be used as reference or inputs for computations, analyses, descriptions, predictions, reasoning and planning. Center
A couple of decades ago, we provided hosting and development services to our banking compliance clientClient A client is an entity who pays another entity for products purchased or services rendered. Also called a customer. World Check. To do so, we built our own complex data center with 50 or 60 rack-mounted Alpha and, a bit later, IBM servers. We had tremendous failover services, load balancing, and backup systems. There was considerable other hardware required—server cages, routers, bridges, disk drives, and high-speed cabling.
Such an infrastructure requires extensive resources. We needed multiple contracts with hardware and software vendors. We had to have staff to run and care for everything in the site. People need to be available at all times to care for equipment failure or damage, as we couldn’t afford for the system to be down at any time.
Careful Search for Outsourcing
During the time we maintained our own data center, I was constantly on the lookout for data center outsourcing services. Today the whole topic of outsourcing is obvious for everyone, but back then it wasn’t. Additionally, I had an expensive background in running a data center, so had precise requirements.
There were only a few providers of that kind of service at the time. There was IBM, to whom we were already connected. There was Microsoft and, representing one of the large European data centers, I flew to their Dublin site and toured their enormous data center. They actually used the cold ocean winds to cool their servers! It was quite impressive.
Microsoft, however, was a closed system. Throughout my books and articles, I have recounted many times how I, even back then, was very vocal in my advocacy of open source. I contracted with the Austrian government to explore open source’s possibilities. I ended up in a public argument with Microsoft at a press conference on the subject, as they insisted that open source would never come to pass. Fast forward some years, and in 2018 they purchased the world’s largest open-source repository GitHub for $7.5 billion. Microsoft totally reversed its stance, and my prediction came 100 percent true.
The AWS Partnership
Our partnership with AWS began right from their start, now 12 or 13 years ago. Many didn’t know it at the time, but alongside Amazon, Jeff Bezos was also building Amazon Web Services, focused on supporting companies in utilizing the Cloud for easily building an infrastructure.
This partnership has certainly been fruitful, resulting today in our production infrastructure running in 4 AWS regions: Toronto, Sydney, Northern Virginia and Frankfurt. We have a staging environment in Dublin, at which we can stage our application and thoroughly test it.
This partnership also reduced our costs and efforts considerably. We didn’t have to outlay money for hardware, negotiate with vendors, or hire staff to run the data center. I would say outsourcing has reduced our expenditures by 70 to 80 percent compared to doing it ourselves.
Powerful Security
AWS met our requirements in yet another way, that of robust security protocols and systems already in place.
Data Retention and Backup We follow parameters provided by AWS as regards data backup and retention. In our case, we retain customerCustomer Customer is an individual or an organization that purchases a product or signs up for a service offered by a business. data for a maximum of 35 days. The entire database can be recovered at any time during this retention time.
If a customer requires total removal of their data from our system, this request can be fulfilled within a day. Backup data would become available following the expiration of the 35-day retention period. Alternatively, a customer can choose to have backup data eliminated along simultaneously with the live database. For a complete explanation of AWS data retention and backups, click here.
Data Segregation Between Clients AWS has a protocol following the ISO 27001 security standard, through which customer data is separated and highly secure.
A primary database instance is created, which is then synchronously replicated to different Availability Zones. This allows us as a CRM to have multiple data centers around the world—something not all CRM vendors offer. This means that data available to one region is not available in others. For example, European GDPR regulations stipulate that European data should not be available in North America.
Within our CRM application, a separate database along with its mirror represents each customer space. If required, we can provide an additional layer of isolation. In that case, customer data would reside on a separate database server, associated with the CRM infrastructure.
Firewalls High-level firewall security is composed of IDS (Intrusion Detection System), load-balancing WAF (Web Application Firewall), and IPS (Intrusion Prevention System) technology. If one of our customers has special firewall requirements, we can accommodate them in a separate dedicated environment.
Key and Secret Key Management Encrypted Ansible Vault with audit/change log, along with AWS parameter store, is used for the management of secret and private keys. AWS Parameter Store provides secure, hierarchical storage for configuration data management and secrets management, and within it can be stored data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes. Ansible Vault utilizes encryption for the protection of sensitive contentContent Content refers to a material or document released in various forms (such as text, image, audio, and video) and created to inform, engage or influence specific audiences. such as passwords and keys.
As we continue this series, I will further explain our security processes and how they provide the utmost protection of your CRM data.