Run by our dedicated in-house infrastructure experts, on industry-leading Amazon Web Services infrastructure. Both Amazon Web Services and Bright are certified to ISO 27001:2013, so you can trust your assets are in safe hands.
We have datacentres in the EU, US, CA, ME, AP and AUS so you can choose the region most suited to your requirements.
Our practices are fully in line with EU GDPR regulations, as are those of the suppliers we use to help deliver Asset Bank to you.
As an ISO 27001:2013 accredited company, we have the controls in place to effectively manage your assets using the three pillars of data protection - confidentiality, integrity and availability.
Asset Bank’s security is baked in right from the initial designs of any new features. Our developers are trained in secure coding practices, and our secure development lifecycle policies ensure that testing and peer reviews are carried out on all changes made to the product. We also use an ongoing program of automated vulnerability scanning and manual penetration testing from an accredited third party.
Our hosting partner, AWS, is a world-leading provider of cloud servers and storage, renowned for their comprehensive compliance suite. Your digital assets are stored in AWS S3, which stores data with a redundancy rate of 99.999999999%.
Asset Bank’s cloud hosting means that resources scale as you need them, so you can store as much data as you need to without having to worry about disk space. Our service uptime SLA is 99.9%, and our scheduled maintenance windows are all in the middle of the night, for the region in which your application is installed.
Read on for more detail about the specific controls we have across the different elements of our cloud hosting service.
AWS’s physical security measures at their datacentres are some of the best in the world. They include CCTV, intrusion detection, redundancy, fire detection and suppression, and leakage detection, to name a few. More detail can be seen on their website (https://aws.amazon.com/compliance/data-center/controls/).
Access to any technical system at Asset Bank is granted in line with our ISO-compliant access control policies, utilising role-based access and the principle of least privilege. To gain access to our AWS cloud environment, the connection must be made from our own IP address using a secure, encrypted tunnel. And in a world of hybrid working, our VPN is managed so that only approved devices may access our networks.
When you access Asset Bank through your web browser, you will be using an encrypted HTTPS connection so that your activity can’t be snooped upon. Our certificates use Let’s Encrypt to automatically re-issue expiring certs, and you can choose a custom domain for your app too. Your digital assets, stored in AWS S3, and the metadata in the database are encrypted at rest. This means that even if your data were compromised in any way, it would not be readable by the threat actor. All backups are also encrypted in transit and at rest.
Even with AWS’s excellent record of data redundancy in S3, we use an entirely different set of S3 buckets to store your backups. Any asset that you upload to Asset Bank will be instantly replicated to this secondary bucket, where it will be safely stored until 90 days after you remove the original asset from Asset Bank. Our comprehensive disaster recovery strategy also means that database and application backups are taken regularly so that we can restore your entire application with a Recovery Point Objective (RPO) of at most twelve hours.
Our Asset Bank security management team is trained in, and tests, our ISO-compliant business continuity plan to make sure that in the event of a disaster, we are able to resume our service as soon as possible. But with your data in AWS and our distributed workforce, we’re minimising the risk of any one event affecting our service in any way.
Our dedicated in-house infrastructure experts support the entire platform, resulting in one less application for your IT Team to worry about, and gaining you access to qualified, skilled support.
If you have bespoke security requirements, we understand that you might want to host Asset Bank on a dedicated server. We partner with AWS to provide fully backed-up EC2 virtual servers which we fully manage for you.
Asset Bank is committed to fixing serious security vulnerabilities promptly and carefully.
In order to protect our customers, we require that vulnerabilities be disclosed responsibly and reported to us in confidence. Vulnerabilities should not be disclosed publicly before we have investigated them and, if necessary, released a fix.
How to Report a Security Issue
Please email firstname.lastname@example.org.
Please provide enough detail to allow us to reproduce and investigate the issue quickly, including:
- Step by step instructions to reproduce the issue
- Affected version
- Affected configuration (e.g. operating system, browser, other software involved, settings)
When we receive a vulnerability report we will:
- Acknowledge receipt of the vulnerability report.
- Investigate the report.
- If necessary, develop a fix for the vulnerability.
- When security fixes are released, notify subscribers to our security mailing list.
Get Regular Security Announcements
Sign up here to receive security-related announcements from the Asset Bank team.