ProNavigator Security

ProNavigator’s engineering teams are dedicated to delivering robust, performant solutions that are secure by design.

To achieve this, we adhere to the following principles when designing and building our products:

Icon
Security reviews & specifications preceding product launches
Icon
Automated test suites dedicated to security
Icon
Regular penetration testing
Icon
Expiring security tokens
Icon
Development tooling & environments that are secure by default and design
Icon
Training materials for engineers covering topics such as cryptography & secure coding

Security Measures

Federated identity management

ProNavigator allows federated identity management to provide access to our application. Each authenticated session only needs to be requested by the user once to reduce the number of locations where credentials are stored and the number of transactions containing such information across the internet.

Every user session and activity is securely logged for security forensic analysis and management.

Encryption at rest

Every single bit of data that is stored in ProNavigator’s servers is encrypted with minimum AES-256 and we continuously update all of our services to be in compliance with the latest encryption standards in computer networking. We take extra precaution and ensure that only the employees that need access will have access to data at rest and additional training is conducted to adhere to those applicable. ProNavigator’s security team actively reviews computer logs to ensure that sensitive information is never logged. ProNavigator also takes further precautions by encrypting logs from all of our resources.

Encryption in transit

Internal and external data that is in transit across ProNavigator’s services are completely encrypted with TLS 1.2 or better and we continuously update our computer network with the latest encryption standards to remain compliant and secure.

Penetration Testing

Commercial grade penetration testing is conducted regularly on our services by trusted third-party vendors. Penetration testing is an ethically simulated cyber attack against ProNavigator’s cloud services to check for possible vulnerabilities. To reduce our susceptibility to attacks, ProNavigator minimizes the number of public-facing endpoints (APIs, servers) and stores the internal micro-services behind a virtual private cloud.

Personal identifiable information (PII)

ProNavigator stores thousands of documents and user accounts which contain PII data. Customer Documents are assumed to contain PII and IP data and are therefore stored outside regular storage, in segregated storage by client. User accounts are stored in a secure authenticated database, and are only accessible by authorized users. All PII is encrypted at rest and in transit, and deleted within 90 days of service termination.

Account security

ProNavigator ensures the data privacy of all account credentials by eliminating plain text storage for passwords and instead, employs the best practices in salting and hash passwords before storing it within our servers. ProNavigator owns the user authentication and can fully ensure that sensitive information never leaves the virtual private cloud or is passed to third-party vendors.

Risk assessment & mitigation

In addition to regular third-party penetration testing, we also have continuous security assessments done by our security personnel. We maintain detailed risk assessment and mitigation policies that are regularly reviewed and updated.

Data Backups

ProNavigator regularly backs up data into AWS snapshots. All backups are encrypted in transit and at rest. Employees must gain a security clearance to access data for the limited time that they need the data for. Our data backups, securely encrypted and kept behind a virtual private cloud, are solely used for disaster recovery and are not used for any other purposes.

High Availability

Core production services are deployed in high availability configurations within Amazon Web Services. Depending on the owner of the data, we locate zones that we are permitted to. These zones are used to avoid massive outage scenarios and are geographically located in different areas — interconnected but highly redundant. To further assist this, ProNavigator uses serverless architecture by breaking down cloud resources into small computing units that can be scaled accordingly — redundant and failover. These components are carefully designed so that in the event of an outage, it would be possible to failover to a second region.

Reach out to our team if you would like to learn more about our security at security@pronavigator.com