Website & Portal Security (SSL Certificates)
SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser.
Using SSL ensures that all data transmitted between the web server and browser remains encrypted. Our servers use an X.509 certificate (SSL/TLS server certificate). Certificates are a digital form of identification issued by a certificate authority (CA). A certificate contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer.
Data Storage & Access (Amazon Web Services)
Ship Science data is stored in secure databases hosted by Amazon Web Services (AWS). AWS provides several security capabilities and services to increase privacy and control network access. These include:
- Network firewalls built into Amazon VPC, and web application firewall capabilities in AWS WAF, which create private networks and control access to instances and applications
- Encryption in transit with TLS across all services
- Private connections from Ship Science offices to AWS servers
AWS also provides controls related to user access policies across AWS services. These include:
- AWS Identity and Access Management (IAM) defines individual user accounts with permissions across AWS resources
- AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
- AWS Directory Service allows integration and federation with corporate directories to reduce administrative overhead and improve end-user experience
- AWS provides native identity and access management integration across many of its services plus API integration with any application or service.
Ship Science also utilizes Elastic Load Balancing, which automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
Payment Processing (Stripe)
Ship Science processes customer payments through Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe makes use of best-in-class security tools and practices to maintain a high level of security.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
Ship Science’s network security team and infrastructure help protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, to protect against potential cyber-attacks. If your organization requires further detail on our network security, please contact us.
- Secure Communication. All data transmissions to our services are encrypted using the TLS 1.2 protocol, and we use certificates issued by a SHA-256-based CA, ensuring that our users have a secure connection from their browsers to our service. We use the latest strong ciphers, such as AES_CBC/AES_GCM with 256-bit/128-bit keys for encryption, SHA2 for message authentication, and ECDHE_RSA as the key exchange mechanism.
- IDS/IPS. Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
- Control and Audit. All access is controlled and audited.
- Secured / Sliced Down OS. Our business applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
- Virus Scanning. Traffic coming into Ship Science computer systems is automatically scanned for harmful viruses using state-of-the-art virus scanning protocols, which are updated regularly.
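A stated TLS policy like the one in the Secure Communication bullet can be checked mechanically against scan results. The following is an added example, not Ship Science's own code: it parses IANA-style suite names and flags anything outside TLS 1.2, ECDHE_RSA, AES CBC/GCM and SHA-2. The host names and scan tuples are constructed sample data.

```python
import re

# IANA TLS 1.2 suite name: TLS_<key exchange>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<enc>[A-Z0-9_]+)_(?P<hash>SHA\d*|MD5)$")

# Policy taken from the "Secure Communication" bullet above.
PROTOCOL = "TLSv1.2"
KEY_EXCHANGE = {"ECDHE_RSA"}
CIPHERS = {"AES_128_CBC", "AES_256_CBC", "AES_128_GCM", "AES_256_GCM"}
HASHES = {"SHA256", "SHA384"}  # SHA-2; a bare "SHA" suffix means SHA-1


def check_suite(protocol, suite):
    """Return the policy violations for one negotiated (protocol, suite)."""
    problems = []
    if protocol != PROTOCOL:
        problems.append(f"protocol {protocol}")
    m = SUITE_RE.match(suite)
    if m is None:
        # TLS 1.3 names (TLS_AES_...) carry no key exchange and land here.
        return problems + [f"unparsed suite {suite}"]
    if m["kx"] not in KEY_EXCHANGE:
        problems.append(f"key exchange {m['kx']}")
    if m["enc"] not in CIPHERS:
        problems.append(f"cipher {m['enc']}")
    if m["hash"] not in HASHES:
        problems.append(f"hash {m['hash']}")
    return problems


def audit(results):
    """Map endpoint -> violations, keeping only endpoints that fail."""
    failures = {}
    for host, protocol, suite in results:
        problems = check_suite(protocol, suite)
        if problems:
            failures.setdefault(host, []).extend(problems)
    return failures


# Constructed scan output (hypothetical hosts, not real measurements).
SAMPLE = [
    ("app.example.test", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("app.example.test", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
    ("old.example.test", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
    ("old.example.test", "TLSv1.1", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The `_CBC_SHA` suite is the case worth noticing: it uses the permitted key exchange and cipher but authenticates with SHA-1, so it falls outside the stated SHA2 requirement.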
We understand that, even with the above security considerations in place, it is critically important to manage our processes related to employee access to sensitive customer data. This includes policies about escalation, management, knowledge sharing, and risk, as well as day-to-day operations.
- Select Employees. We limit access to customer data on a role basis to only employees who need such access to provide support and troubleshooting on our customers’ behalf. At no time can our employees access your complete payment information.
- Audits. Audits are regularly performed and access is reviewed by management with each audit.
What can I do to secure my account?
Please use a strong password (at least 8 characters, a combination of upper/lower case letters, a number and at least one special character such as #, $, %, @ or !). In addition, please let us know if you notice any suspicious activity with your Ship Science or shipping accounts. We can assist with a security audit.