Sheetloom Security Document
1. Introduction
The Sheetloom Security Document provides a comprehensive overview of the security measures and controls implemented to protect Sheetloom. As a service that enables businesses to automate and manage complex Excel workflows, Sheetloom prioritizes the confidentiality, integrity, and availability of customer data.
Our platform leverages AWS services to ensure robust security and compliance with industry standards. This document outlines the specific security practices we employ to safeguard customer data, maintain system integrity, and ensure compliance with regulations such as GDPR.
Key components of our security strategy include:
- Data Protection: Ensuring the security of customer spreadsheets and associated data through encryption and access controls.
- Identity and Access Management: Implementing strict IAM policies to enforce tenant isolation and least privilege access.
- Network Security: Utilizing AWS VPCs and security groups to protect our infrastructure from unauthorized access.
- Monitoring and Logging: Employing AWS CloudWatch and CloudTrail to monitor system activity and detect potential security incidents.
- Incident Response: Maintaining a structured incident response plan to quickly address and mitigate security threats.
This document serves as a guide for our development and security teams, as well as a resource for auditors and stakeholders to understand our security posture.
2. System Overview
Purpose:
This provides a high-level description of Sheetloom, its architecture, and the AWS services used to ensure a clear understanding of the system's structure and security integrations.
Components:
- Application Description: Sheetloom is a multi-tenant application designed to automate the population of Excel spreadsheets with company-specific data. It integrates various data sources, including CSV files, databases, APIs, and websites, to ensure accurate and efficient data management and reporting.
- Architecture Overview: The system architecture integrates multiple AWS services to ensure scalability, security, and high availability.
- AWS Services Used: The application leverages a range of AWS services, including AWS Amplify for frontend hosting, AWS Cognito for authentication, Amazon S3 for data storage, AWS Lambda for serverless compute, AWS Glue for data processing, Amazon Athena for data querying, API Gateway for API management, Amazon RDS for relational databases, AWS Secrets Manager for managing sensitive information, Virtual Private Cloud (VPC) for network isolation, and Elastic Container Registry (ECR) for container image storage.
2.1 Application Description
Sheetloom Key functionalities include:
- Automated Data Integration: Seamlessly connects to multiple data sources such as CSV files, PDFs, databases, APIs, and websites to gather and consolidate data.
- Multi-Tenancy Support: Ensures that each tenant (company) operates within an isolated environment, maintaining strict data segregation and security.
- User-Friendly Interface: Provides an intuitive interface for users to configure data sources, manage data processing tasks, and generate accurate Excel reports without requiring technical expertise.
2.2 Architecture Overview
A detailed architecture diagram and configuration of supporting AWS services is included in the 5.1 Detailed Architecture Diagram section.
The high-level architecture of Sheetloom includes the following components:
- Client Interaction:
- Users access the application via a secure web interface hosted on AWS Amplify.
- Authentication and Authorization:
- AWS Cognito manages user authentication, providing secure access based on tenant-specific user pools and identity pools.
- Data Storage:
- Each tenant is assigned a dedicated Amazon S3 bucket, ensuring secure and isolated storage of their data.
- API Layer:
- API Gateway acts as the entry point for all API requests, routing them to appropriate AWS Lambda functions that handle business logic and data processing.
- Data Processing and Analytics:
- AWS Glue performs ETL (Extract, Transform, Load) operations to prepare data for analysis.
- Amazon Athena enables tenants to perform ad-hoc queries on their data stored in S3, facilitating data-driven decision-making.
- Database Management:
- Amazon RDS maintains relational databases that store application metadata, tenant information, and other critical data.
- Secrets Management:
- AWS Secrets Manager securely stores sensitive credentials and API keys, ensuring they are accessed only by authorized services.
- Networking:
- A Virtual Private Cloud (VPC) provides network isolation, with Security Groups and Network ACLs configured to control traffic flow.
- Elastic Container Registry (ECR) hosts container images used by the application, ensuring secure and efficient deployment.
2.3 AWS Services Used
- AWS Amplify: Facilitates frontend hosting, content delivery, and continuous deployment, ensuring rapid and reliable delivery of web interfaces.
- AWS Cognito: Manages user authentication and authorization, supporting multi-tenancy through dedicated user and identity pools.
- Amazon S3: Provides scalable and secure data storage for each tenant, with encryption and access controls to protect data integrity and confidentiality.
- AWS Lambda: Enables serverless execution of backend logic, allowing for scalable and cost-effective processing of API requests and data operations.
- AWS Glue: Manages metadata catalog for each tenant's database, providing table definitions and column information for CSV and PDF data stored in S3, enabling structured data access.
- Amazon Athena: Enables users to run SQL queries against their uploaded CSV and PDF data, with preview functionality for validating queries before using them in stitches. Also handles table creation and deletion when tenants upload or remove CSV and PDF files.
- API Gateway: Provides the endpoints for all backend Lambda functions, serving as the central entry point for API requests.
- Amazon RDS: Used to host the web application's metadata in a relational database.
- AWS Secrets Manager: Stores metadata database credentials and connection information for Athena access.
- Virtual Private Cloud (VPC): Ensures network isolation and security, with carefully configured subnets, route tables, and security settings.
- Elastic Container Registry (ECR): Stores and manages all Lambda Docker images used by the application.
3. Security Objectives
Purpose:
Outlines the primary security goals for the Sheetloom application to ensure a clear focus on protecting data, maintaining system integrity, and ensuring compliance.
Components:
- Confidentiality: Protecting sensitive data from unauthorized access.
- Integrity: Ensuring data accuracy and preventing unauthorized modifications.
- Availability: Guaranteeing reliable access to the application for authorized users.
- Compliance: Adhering to relevant laws, regulations, and industry standards (e.g., GDPR).
3.1 Confidentiality
Objective: Protect customer spreadsheets, business data, and user information from unauthorized access.
Implementation:
- Multi-Tenancy Isolation:
- Each company accesses Sheetloom via their unique subdomain (company.sheetloom.com)
- Dedicated Cognito User Pool and Identity Pool per tenant
- IAM policies ensure tenants can only access their own S3 bucket and associated services
- Strict isolation prevents cross-tenant data exposure
3.2 Integrity
Objective: Ensure accuracy and prevent unauthorized modifications of spreadsheets and business data.
Implementation:
- Secure API Access:
- API Gateway routes requests to appropriate Lambda functions
- Each request is authenticated and authorized before processing
- Data operations are logged for audit purposes
- Data Processing Controls:
- Spreadsheet data is processed through controlled Lambda functions
- Athena queries are scoped to tenant-specific databases
- All changes are tracked and versioned
3.3 Availability
Objective: Maintain reliable access to Sheetloom's spreadsheet automation services.
Implementation:
- AWS Infrastructure:
- Amplify hosts and delivers our frontend
- Automatic scaling for Lambda functions and API Gateway
- Multi-AZ deployment for critical services
- Resilience:
- Automated failover capabilities
- Regular backup and recovery testing
- Continuous monitoring of service health
3.4 Compliance
Objective: Meet regulatory requirements while protecting customer data.
Implementation:
- GDPR Compliance:
- Transparent data processing documentation
- Built-in data subject access rights
- Secure data transfer mechanisms
- Data minimization practices
4. Compliance Requirements
Purpose:
Detail the regulatory and compliance standards that apply to Sheetloom to ensure adherence and avoid legal repercussions.
Components:
- Applicable Regulations: GDPR, CCPA, HIPAA, PCI-DSS, etc.
- Industry Standards: ISO 27001, SOC 2, NIST, etc.
- Internal Policies: Company-specific security policies.
4.1 Applicable Regulations
- General Data Protection Regulation (GDPR):
- Overview: GDPR is a regulation in EU law on data protection and privacy for individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
- Compliance Measures:
- Data Protection: Implement robust data encryption both at rest and in transit to protect personal data.
- User Consent: Obtain explicit consent from users for data processing activities.
- Data Subject Rights: Facilitate rights such as data access, rectification, and erasure for data subjects.
- Data Processing Records: Maintain detailed records of data processing activities to ensure accountability.
- Breach Notification: Establish protocols to notify supervisory authorities and affected individuals in the event of a data breach within the stipulated timeframe.
4.2 Industry Standards
ISO/IEC 27001:
- Overview: ISO/IEC 27001 is an international standard for managing information security. It provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
- Compliance Status:
- Adherence: Sheetloom complies with the controls and best practices outlined in ISO/IEC 27001 to ensure comprehensive information security management.
- Implementation: Implement policies, procedures, and controls that align with ISO/IEC 27001 standards, covering areas such as risk assessment, asset management, access control, and incident management.
- Continuous Improvement: Regularly review and update security measures to maintain alignment with ISO/IEC 27001 requirements, fostering a culture of continuous improvement.
SOC 2:
- Overview: SOC 2 is a framework for managing customer data based on five "Trust Service Criteria"-security, availability, processing integrity, confidentiality, and privacy. It is particularly relevant for service providers storing customer data in the cloud.
- Compliance Status:
- Adherence: Sheetloom adheres to SOC 2 principles to ensure the security, availability, and confidentiality of customer data.
- Implementation: Establish controls and practices that meet SOC 2 requirements, including secure data handling, system monitoring, and access controls.
- Monitoring: Continuously monitor and audit systems to ensure ongoing compliance with SOC 2 standards.
4.3 Internal Policies
- Information Security Policy:
- Purpose: Defines Sheetloom's approach to managing and protecting information assets.
- Scope: Applies to all employees, contractors, and third-party partners.
- Key Elements: Data classification, access control, acceptable use, incident response, and continuous improvement.
- Data Handling Policy:
- Purpose: Establishes guidelines for the collection, processing, storage, and disposal of data.
- Key Elements: Data minimization, encryption standards, access restrictions, and data retention schedules.
- Incident Response Policy:
- Purpose: Outlines the procedures for responding to security incidents.
- Key Elements: Incident detection, response steps, roles and responsibilities, and communication protocols.
5. Architecture and Components
Purpose:
Provide an in-depth look into the system architecture, emphasizing security-related components to ensure a secure and efficient infrastructure.
Components:
- Detailed Architecture Diagram: Including security layers.
- AWS Amplify Configuration: Hosting, authentication, APIs, etc.
- Supporting Services: AWS Cognito for authentication, Amazon S3 for storage, etc.
5.1 Detailed Architecture Diagram
The security layers within the architecture of Sheetloom are structured to provide robust protection and efficient data management:
- Client Interaction:
- Users access Sheetloom via their company's secure subdomain
- Authentication through tenant-specific Cognito User Pool
- Secure token-based authentication for API access
- Authentication and Authorization:
- Each tenant has a dedicated Cognito User Pool and Identity Pool
- Temporary AWS credentials are scoped to tenant resources
- Role-based access control within each tenant environment
- API Layer:
- API Gateway routes requests to appropriate Lambda functions
- Each request is authenticated and authorized before processing
- Lambda functions enforce tenant isolation and business logic
- Data Storage and Processing:
- Tenant data stored in isolated S3 buckets
- Glue manages metadata for tenant databases
- Athena enables secure SQL queries on tenant data
- Secrets Management:
- Secure storage of database credentials and API keys
- Access limited to authorized services
- Networking:
- VPC configuration with public and private subnets
- Security Groups and NACLs control traffic flow
- ECR hosts Lambda container images securely
5.2 AWS Amplify Configuration
- Hosting:
- Frontend hosted on AWS Amplify
- CloudFront distribution for content delivery
- Tenant-specific subdomains
- Authentication:
- Cognito User Pools for tenant authentication
- Identity Pools for AWS service access
- APIs:
- Secure API Gateway integration
- Lambda function routing
- Request authentication and authorization
5.3 Supporting Services Configuration
- AWS Cognito:
- Tenant-specific authentication
- Scoped AWS credentials
- Role-based access control
- Amazon S3:
- Isolated tenant buckets
- Encrypted data storage
- Access controls per tenant
- AWS Lambda:
- Serverless processing
- Tenant context isolation
- Least privilege access
- AWS Glue & Amazon Athena:
- Tenant database management
- Secure query execution
- Data access controls
- AWS Secrets Manager:
- Secrets are encrypted using AWS KMS and access-controlled, ensuring that only authorized services can retrieve sensitive information.
- Virtual Private Cloud (VPC):
- The VPC is divided into private and public subnets, with Security Groups and Network ACLs tailored to restrict unnecessary traffic and protect backend services.
- Elastic Container Registry (ECR):
- Container images are stored securely with access controls, preventing unauthorized modifications and ensuring that only trusted images are deployed.
6. Data Protection
Purpose:
Detail the mechanisms in place to secure data both at rest and in transit, ensuring comprehensive protection of sensitive information.
Components:
- Encryption at Rest: Utilizing AWS services' encryption capabilities to protect stored data.
- Encryption in Transit: Implementing TLS/SSL to secure data transmission.
- Data Classification: Categorizing data based on sensitivity to apply appropriate security controls.
- Data Lifecycle Management: Managing data from creation to deletion to maintain security and compliance.
6.1 Encryption at Rest
- Amazon S3:
- All tenant data stored in S3 buckets is encrypted using AES-256 encryption.
- Bucket Policies enforce encryption requirements, ensuring that all objects are stored securely without exceptions.
- Amazon RDS:
- Data stored in RDS instances is encrypted using AWS-managed KMS keys
- AWS Secrets Manager:
- Secrets are encrypted at rest using AWS Key Management Service (KMS) keys, safeguarding sensitive credentials and API keys.
6.2 Encryption in Transit
- TLS/SSL:
- All data transmitted between clients and Sheetloom is encrypted using TLS 1.2 or higher
- AWS Amplify and API Gateway enforce secure communication channels
6.3 Data Classification
Level | Classification | Description | Examples | Security Requirements |
---|---|---|---|---|
1 | Public | Information that can be freely shared |
|
|
2 | Internal | Information for internal use only |
|
|
3 | Confidential | Sensitive business information |
|
|
4 | Restricted | Highly sensitive information |
|
|
6.4 Data Lifecycle Management
- Data Storage:
- Tenant data is stored in dedicated S3 buckets with appropriate lifecycle policies
- Data Archiving:
- Older data is transitioned to S3 Glacier based on tenant requirements
- Data Deletion:
- Data retention policies ensure compliance requirements are met
- Secure deletion procedures for tenant termination
7. Identity and Access Management (IAM)
Purpose:
Describe how users and services are authenticated and authorized, ensuring that access is granted appropriately and securely.
Components:
- User Authentication: AWS Cognito configurations, MFA usage.
- Role-Based Access Control (RBAC): Permissions assigned to different roles.
- Least Privilege Principle: Ensuring users have only necessary access.
- Third-Party Access: How external services or partners access the application.
7.1 User Authentication
- AWS Cognito Configuration:
- Each tenant has its own Cognito User Pool and Identity Pool
- Users authenticate via their tenant-specific subdomain
- MFA is enabled for all user accounts
- Multi-Factor Authentication (MFA):
- Time-based one-time passwords (TOTP)
- SMS-based verification codes
- Authenticator app support
7.2 Role-Based Access Control (RBAC)
- Defined Roles:
- Admin: Possesses full access to tenant-specific resources, including user management, data configurations, and system settings.
- User: Has limited access, primarily to interact with their own data, generate reports, and perform standard operational tasks.
- Permissions:
- Roles are defined with specific IAM policies that grant only the necessary permissions required for their functions.
- Admins can manage user accounts, configure data sources, oversee data processing tasks, and access all data within their tenant's scope.
- Users can access and manipulate their own data, generate and view reports, and perform tasks within the constraints of their IAM roles.
7.3 Least Privilege Principle
- Access Restrictions:
- Users are granted the minimal set of permissions required to perform their tasks, reducing the risk of unauthorized access or actions.
- Temporary AWS credentials issued via Cognito Identity Pools are scoped to specific resources, such as tenant-specific S3 buckets and related services, ensuring users cannot access resources outside their purview.
- IAM Policy Enforcement:
- Strict IAM policies prevent privilege escalation
- Regular policy reviews and audits
- Automated compliance checks
7.4 Third-Party Access
- External Services:
- Access for third-party services or partners is managed through dedicated IAM roles and policies, ensuring that external entities have only the access they require.
- API Gateway secures endpoints, allowing access only to authenticated and authorized third-party entities based on predefined access controls.
- Secure Integration:
- Third-party integrations utilize AWS Secrets Manager to handle API keys and credentials securely, preventing unauthorized access.
- Access is continuously monitored and logged to detect and prevent unauthorized activities, maintaining a secure integration environment.
8. Network Security
Purpose:
Detail the measures taken to protect the network infrastructure, ensuring secure communication channels and preventing unauthorized access.
Components:
- VPC Configuration: Virtual private cloud settings.
- Security Groups and NACLs: Rules governing inbound and outbound traffic.
- API Security: How APIs are secured.
- Amplify Security Features: Built-in security measures provided by AWS Amplify.
8.1 VPC Configuration
- Virtual Private Cloud (VPC):
- The application operates within a dedicated VPC, ensuring network isolation and security.
- Subnets:
- Public Subnets: Hosts API Gateway for external access, allowing secure and controlled inbound traffic.
- Private Subnets: Contains RDS metadata database, and other backend services, shielded from direct internet access to enhance security.
- Routing:
- Configured with appropriate route tables to manage traffic flow between subnets and internet gateways, ensuring that only necessary traffic is allowed.
8.2 Security Groups and Network ACLs (NACLs)
- Security Groups:
- Stateful firewall rules at the instance level
- Configured to allow only necessary traffic
- Regular audits of security group rules
- Network ACLs:
- Stateless network filtering at the subnet level
- Additional layer of network security
- Default deny-all with explicit allow rules
8.3 API Security
- API Gateway Configuration:
- Authentication and Authorization:
- Integrated with AWS Cognito to authenticate API requests, ensuring that only authorized users and services can access API endpoints.
- Utilizes IAM roles and policies to authorize access to specific API endpoints based on user roles and permissions.
- Authentication and Authorization:
- Rate Limiting and Throttling:
- Configured to prevent abuse and ensure fair usage by setting limits on the number of requests per second, mitigating the risk of Denial-of-Service (DoS) attacks.
- Input Validation:
- Implemented within Lambda functions to validate and sanitize incoming data, mitigating injection attacks and other vulnerabilities by ensuring that only properly formatted and expected data is processed.
8.4 AWS Amplify Security Features
Built-in Protection:
- DDoS protection through AWS Shield
- SSL/TLS certificate management
- Secure content delivery
Rules and Protections:
- SQL Injection and Cross-Site Scripting (XSS) Protection: Automated rules detect and block malicious payloads targeting database queries and client-side scripts.
- IP Blacklisting/Whitelisting: Restrict access based on IP addresses to block known malicious sources and allow trusted entities.
- Rate-Based Rules: Automatically block IPs that exceed predefined request thresholds, preventing Distributed Denial-of-Service (DDoS) attacks and ensuring application availability.
Security Best Practices:
- Automated security patches
- Secure hosting configuration
- Protection against common web vulnerabilities
9. Monitoring and Logging
Purpose:
Explains how the application's security is monitored and how logs are managed to ensure visibility, accountability, and timely detection of security incidents.
Components:
- Logging Services: AWS CloudWatch, AWS CloudTrail configurations.
- Log Retention Policies: How long logs are stored and where.
- Monitoring Tools: Tools used for real-time monitoring and alerting.
- Incident Detection: Methods for identifying security incidents.
9.1 Logging Services
- AWS CloudWatch:
- Logs: Captures logs from Lambda functions and API Gateway, providing detailed insights into application behavior and performance.
- Metrics: Monitors performance metrics such as latency, error rates, and request counts, enabling proactive performance optimization and issue detection.
- AWS CloudTrail:
- Event Logging: Records API calls and actions taken within the AWS environment, providing a comprehensive audit trail for security analysis and compliance auditing.
- Integration: Logs are centralized and integrated with CloudWatch Logs for streamlined analysis and alerting, facilitating real-time monitoring and incident response.
9.2 Log Retention Policies
- Retention Durations:
- CloudWatch Logs: Retained for 90 days to facilitate troubleshooting, performance monitoring, and short-term audit requirements.
- CloudTrail Logs: Retained for one year to comply with audit and compliance requirements, ensuring long-term availability of historical event data.
- Storage Locations:
- Logs are stored in secure S3 buckets with strict access controls to ensure their integrity and confidentiality, preventing unauthorized access or tampering.
9.3 Monitoring Tools
- Real-Time Monitoring:
- AWS CloudWatch Dashboards: Provide visual representations of key metrics and system health indicators, offering an at-a-glance view of application performance and security status.
- CloudWatch Alarms: Trigger notifications based on predefined thresholds for metrics like CPU usage, memory consumption, and error rates, enabling prompt response to potential issues.
- Alerting Mechanisms:
- Amazon SNS (Simple Notification Service): Sends alerts via email, SMS, or other protocols to notify relevant personnel of critical events or anomalies, ensuring timely awareness and action.
9.4 Incident Detection
- Automated Detection:
- CloudWatch Alarms: Automatically detect and notify about unusual patterns or potential security incidents, facilitating swift identification and response.
- Manual Monitoring:
- Security Team Oversight: Regularly reviews logs and monitoring dashboards to identify and investigate suspicious activities, complementing automated detection with human analysis.
10. Incident Response
Purpose:
Outline the procedures for responding to security incidents, ensuring a structured and effective approach to managing and mitigating threats.
Components:
- Incident Detection: How incidents are identified.
- Response Plan: Steps to take when an incident occurs.
- Roles and Responsibilities: Who is responsible for each part of the response.
- Communication Plan: How to communicate internally and externally during incidents.
10.1 Incident Detection
- Monitoring Systems:
- AWS CloudWatch and AWS CloudTrail continuously monitor and log activities within the application, providing real-time visibility into system operations and potential security events.
- Automated Alerts:
- CloudWatch Alarms and Amazon GuardDuty automatically detect and notify about potential security incidents, enabling swift identification and response.
- Manual Reporting:
- Users and team members can report suspicious activities or security concerns through a designated internal communication channel, ensuring that all potential threats are promptly addressed.
10.2 Response Plan
- Initial Assessment:
- Verify the incident and assess its impact
- Classify the incident severity
- Containment:
- Isolate affected systems to prevent further damage
- Implement temporary fixes
- Eradication:
- Identify the root cause
- Remove malicious components
- Recovery:
- Restore systems to normal operation
- Monitor for any signs of recurrence
- Post-Incident Review:
- Conduct a thorough review to identify lessons learned
- Update response plans and security measures
10.3 Roles and Responsibilities
- Incident Response Team:
- Security Lead: Oversees the incident response process and coordinates efforts across teams, ensuring a unified and effective response.
- System Administrators: Handle technical aspects of containment, eradication, and recovery, restoring system functionality and security.
- Developers: Assist in identifying and fixing vulnerabilities in the application, ensuring that code-level issues are addressed.
- Communications Officer: Manages internal and external communications during the incident, maintaining transparency and trust.
10.4 Communication Plan
- Internal Communication:
- Immediate Notifications: Use internal channels, such as Teams or Slack, to alert the incident response team and relevant stakeholders, ensuring that all necessary parties are informed promptly.
- External Communication:
- Regulatory Notifications: Comply with GDPR requirements by notifying supervisory authorities and affected individuals within the mandated timeframe if personal data is compromised, ensuring legal compliance and transparency.
- Public Statements: Issue official statements as necessary to inform users and the public about the incident and remedial actions taken, maintaining trust and credibility.
- Communication Tools:
- Utilize secure communication platforms to ensure that sensitive information about the incident is shared only with authorized personnel, preventing information leakage and maintaining confidentiality.
11. Third-Party Services and Dependencies
Purpose:
Identify and assess the security of third-party services integrated with the application to ensure that external dependencies do not introduce vulnerabilities or compliance issues.
Components:
- List of Third-Party Services: APIs, libraries, plugins, etc.
- Security Assessments: Evaluations or audits of third-party services.
- Dependency Management: How dependencies are managed and updated.
11.1 List of Third-Party Services
11.1.1 Libraries and Frameworks
Frontend Libraries:
- Bootstrap (
^5.3.0
):- Description: Frontend framework for developing responsive and mobile-first websites, ensuring a consistent and user-friendly interface.
- Bootstrap Icons (
^1.10.5
):- Description: Official open-source SVG icon library for Bootstrap, providing a wide range of scalable icons for enhancing UI components.
- Datatables.net-bs5 (
^1.13.6
), Datatables.net-responsive-bs5 (^2.5.0
), Datatables.net-select-bs5 (^1.7.0
):- Description: jQuery-based plugins for creating dynamic and interactive tables with Bootstrap 5 styling, enabling advanced data presentation and manipulation features.
- Vanillajs-datepicker (
^1.3.4
):- Description: Lightweight and dependency-free datepicker for vanilla JavaScript, facilitating user-friendly date selection in forms and reports.
- jQuery (
^3.7.0
), jQuery-ExtendExt (^1.0.0
), jQuery-UI (^1.13.2
):- Description: JavaScript libraries for DOM manipulation, event handling, and creating interactive UI components, enhancing the application's frontend interactivity and responsiveness.
Backend Libraries:
- AWS Amplify (
^5.2.5
):- Description: JavaScript library for interfacing with AWS services, facilitating seamless integration between frontend and backend components.
- AWS SDK (
^2.1420.0
):- Description: Collection of tools for interacting with various AWS services, enabling programmatic management and integration within the application.
- Knex (
^3.1.0
):- Description: SQL query builder for Node.js, supporting multiple database engines and simplifying database interactions.
- pg (
^8.11.5
):- Description: PostgreSQL client for Node.js, facilitating efficient communication with PostgreSQL databases.
- AWS Lambda Dependencies:
- axios: Promise-based HTTP client for the browser and Node.js, enabling efficient API requests and data fetching.
- lodash: Utility library delivering modularity, performance, and extras, simplifying JavaScript development.
- jsonwebtoken: Implementation of JSON Web Tokens, facilitating secure token-based authentication and authorization.
- dotenv: Loads environment variables from a
.env
file intoprocess.env
, enabling secure and flexible configuration management.
Utility Libraries:
- moment (
^2.30.1
):- Description: Library for parsing, validating, manipulating, and formatting dates, simplifying date and time operations.
- date-fns (
^3.6.0
):- Description: Modern JavaScript date utility library, providing a comprehensive set of functions for date manipulation.
- mathjs (
^13.0.2
):- Description: Extensive math library for JavaScript and Node.js, supporting complex mathematical operations and calculations.
- handlebars (
^4.7.8
):- Description: Templating engine for generating dynamic HTML, enabling flexible and reusable frontend components.
- interactjs (
^1.10.17
):- Description: JavaScript library for drag and drop, resizing, and multi-touch gestures, enhancing frontend interactivity and user experience.
- assert (
^2.0.0
), jsdom (^22.1.0
), jsonpath (^1.1.1
), jsonpath-plus (^7.2.0
), JSV (^4.0.2
), sql-parser-mistic (^1.2.3
), node-sql-parser (^4.17.0
):- Description: Various utility libraries for assertions, DOM manipulation, JSON querying, validation, and SQL parsing, supporting diverse backend functionalities.
- pako (
^2.1.0
):- Description: Fast zlib port to JavaScript, primarily for data compression, optimizing data storage and transmission.
- papaparse (
^5.4.1
):- Description: Powerful CSV parser for JavaScript, enabling efficient parsing and manipulation of CSV data.
- underscore (
^1.13.6
):- Description: Utility-belt library for JavaScript that provides support for the usual functional suspects, enhancing code readability and efficiency.
Build and Development Tools:
- parcel (
latest
), parcel-reporter-static-files-copy (^1.5.0
):- Description: Blazing fast, zero-configuration web application bundler, streamlining the build process and optimizing frontend assets.
- babel-plugin-closure-elimination (
^1.3.2
), babel-plugin-transform-remove-console (^6.9.4
):- Description: Babel plugins for optimizing and cleaning up the code during the build process, enhancing performance and security by eliminating unnecessary code and console statements.
- typescript (
^5.1.6
):- Description: Superset of JavaScript that compiles to clean JavaScript output, enabling strong typing and improved developer productivity.
- aws-amplify (
^5.2.5
):- Description: Frontend library to interact with AWS services like Cognito, S3, etc., facilitating seamless integration and efficient development workflows.
11.1.2 Plugins
- Chart.js Plugin:
- Description: Utilized for rendering interactive charts and graphs, providing visual representations of data to enhance reporting and analytics.
- ExcelJS Plugin:
- Description: Employed for generating and manipulating Excel spreadsheets, enabling the creation of customized and dynamic reports based on tenant-specific data.
11.2 Security Assessments
- Vendor Evaluations:
- Process: Conduct due diligence on all third-party vendors to ensure they adhere to robust security practices and compliance standards.
- Criteria: Evaluate based on factors such as security certifications (e.g., SOC 2, ISO 27001), history of vulnerabilities, responsiveness to security incidents, and overall reputation within the industry.
- Regular Audits:
- Frequency: Perform regular security audits of all third-party services and libraries, ensuring that they continue to meet security and compliance requirements.
- Scope: Assess the security posture, update frequency, community support, and vulnerability management practices of each dependency to identify and mitigate potential risks.
- Vulnerability Scanning:
- Tools Used: Utilize tools like Snyk, Dependabot, and npm audit to scan dependencies for known vulnerabilities.
- Procedure:
- Automatically scan for vulnerabilities as part of the CI/CD pipeline to ensure continuous monitoring.
- Review and address any reported issues promptly by updating or replacing vulnerable packages, maintaining the application's security integrity.
- Risk Assessment for Dependencies:
- Assessment: Evaluate the potential risks associated with each third-party library or service, considering factors such as the library's maintenance status, popularity, and historical security incidents.
- Mitigation: Implement measures such as restricting usage of high-risk libraries, limiting their access within the application, and ensuring that only actively maintained and secure dependencies are incorporated into the project.
11.3 Dependency Management
- Version Control:
- Strategy: Maintain up-to-date versions of all libraries and frameworks to incorporate security patches and improvements, reducing the risk of vulnerabilities.
- Implementation: Use package.json and package-lock.json to manage and lock dependency versions, ensuring consistency across development, staging, and production environments.
- Automated Updates:
- Tools Used: Implement automated dependency management tools such as Dependabot, Renovate, and npm audit to streamline the update process.
- Functionality: Automatically monitor dependencies for updates and security patches, and create pull requests to apply these updates, ensuring that the application remains secure and up-to-date.
- Review Processes:
- Code Reviews: Incorporate dependency changes into the regular code review process to assess the impact and security implications of updates, ensuring that updates do not introduce new vulnerabilities or conflicts.
- Testing: Ensure that updates do not introduce regressions by running comprehensive tests, including unit tests, integration tests, and end-to-end tests, before deployment.
- Minimal Dependency Principle:
- Approach: Limit the number of third-party dependencies to those that are essential for application functionality, reducing the potential attack surface and minimizing the risk of introducing vulnerabilities.
- Benefit: A lean dependency tree enhances the application's security posture by decreasing the likelihood of security flaws and simplifying maintenance.
- Documentation:
- Record Keeping: Maintain detailed documentation of all third-party dependencies, including their purpose, version, source, and any known vulnerabilities, facilitating transparency and accountability.
- Change Logs: Keep track of changes to dependencies over time to facilitate auditing, troubleshooting, and understanding the evolution of the application's security landscape.
11.4 Best Practices for Managing npm Dependencies
- Lockfile Maintenance:
- Usage: Use
package-lock.json
to lock the versions of dependencies, ensuring consistent installations across different environments and preventing unintended updates that could introduce vulnerabilities.
- Usage: Use
- Semantic Versioning Awareness:
- Understanding: Be aware of semantic versioning (major.minor.patch) to predict the impact of updates, understanding that major version changes may introduce breaking changes.
- Policy: Avoid automatic major version upgrades without thorough testing to ensure that updates do not disrupt application functionality or security.
- Audit and Remediation:
- Regular Audits: Schedule regular audits using
npm audit
to identify and fix vulnerabilities, ensuring that dependencies remain secure and compliant. - Immediate Action: Prioritize fixing high-severity vulnerabilities immediately to prevent exploitation and maintain the application's security integrity.
- Regular Audits: Schedule regular audits using
- Transitive Dependencies Monitoring:
- Awareness: Recognize that dependencies of your dependencies (transitive dependencies) can also introduce vulnerabilities, necessitating comprehensive monitoring.
- Tools: Use tools like Snyk and npm audit that can detect vulnerabilities in transitive dependencies, ensuring that all layers of the dependency tree are secure.
- Secure Coding Practices:
- Validation: Validate and sanitize all inputs and outputs when using third-party libraries to prevent injection attacks and other security vulnerabilities.
- Configuration: Properly configure libraries to minimize security risks, such as disabling unnecessary features or services, and adhering to best practices for secure configuration.
11.5 Summary
Proper management and assessment of third-party services and dependencies, including npm-installed libraries, are vital for maintaining the security and integrity of the Sheetloom application. By adhering to the practices outlined above, you can mitigate risks associated with external dependencies, ensure that all integrated services are secure and compliant, and maintain a robust and resilient application environment.
12. Deployment and Configuration Management
Purpose:
Detail the deployment processes and configuration management practices that ensure secure and consistent application updates.
Components:
- Deployment Process: How code changes are deployed securely.
- Environment Management: How different environments are maintained.
- Configuration Security: How sensitive configurations are protected.
12.1 Deployment Process
Frontend Deployment:
- AWS Amplify automatically triggers deployments based on BitBucket branch updates:
dev
branch → Development environmentpreprod
branch → Pre-production environmentprod
branch → Production environment
- Each deployment includes:
- Automated build process
- Asset optimization
- Content delivery configuration
- AWS Amplify automatically triggers deployments based on BitBucket branch updates:
Backend Deployment:
Docker Image Management (
run_ecr_build.sh
):- Automates the build process for all Lambda function Docker images
- Handles deployment of images to corresponding ECR repositories
- Manages ECR permissions and access controls
- Ensures consistent container environments across all functions
Infrastructure Management (
sam.sh
):Handles CloudFormation and AWS SAM template deployments
Manages four distinct YAML configuration files:
template_local.yaml:
- Configured for local development and testing
- Enables developers to test changes in isolated environment
template_root.yaml:
- Creates and manages core AWS services
- Handles multi-tenant infrastructure setup
- Establishes foundational services for Sheetloom
template_mt.yaml:
- Environment-specific configurations (dev, preprod, prod)
- Manages API Gateway setup and configuration
- Handles Lambda function deployment for each environment
template_on_prem.yaml:
- Specialized for customer AWS account deployments
- Production-only environment configuration
- Utilizes Docker images from Sheetloom's core AWS account
- Enables isolated customer deployments
12.2 Environment Management
- Development Environment:
- Triggered by changes to
dev
branch - Used for active development and testing
- Contains non-sensitive test data
- Triggered by changes to
- Pre-production Environment:
- Triggered by changes to
preprod
branch - Mirrors production configuration
- Used for final testing before production release
- Triggered by changes to
- Production Environment:
- Triggered by changes to
prod
branch - Hosts live application
- Contains customer data
- Deployment requires additional approval steps
- Triggered by changes to
12.3 Configuration Security
- Sensitive Information:
- API keys stored in AWS Secrets Manager
- Database credentials managed through IAM roles
- Environment variables secured in Lambda configurations
- Access Controls:
- Production configurations restricted to authorized personnel
- Changes require approval and documentation
- Regular audits of configuration access
- Deployment Security:
- Backend deployment scripts maintained in version control
- Access to ECR and Lambda updates restricted to authorized team members
- CloudFormation changes reviewed before application
13. Risk Assessment and Management
Purpose:
Outline the framework and processes for identifying, assessing, and managing security risks to the application.
13.1 Risk Assessment Framework
Component | Description |
---|---|
Likelihood | 1 (Rare) to 5 (Almost Certain) |
Impact | 1 (Negligible) to 5 (Critical) |
Risk Score | Likelihood × Impact |
Risk Level | Low (1-6), Medium (7-14), High (15-19), Critical (20-25) |
13.2 Risk Analysis Matrix
Risk Score | 1-6 | 7-14 | 15-19 | 20-25 |
---|---|---|---|---|
Category | Low | Medium | High | Critical |
Review Frequency | Annual | Quarterly | Monthly | Weekly |
Owner Level | Team Lead | Department Head | CTO/CISO | Executive Team |
13.3 Identified Risks
13.3.1 Technical Risks
Risk ID | Description | Likelihood | Impact | Score | Controls |
---|---|---|---|---|---|
TR-01 | Data breach via unauthorized access | 3 | 5 | 15 |
|
TR-02 | Service disruption due to AWS outage | 2 | 4 | 8 |
|
TR-03 | Data loss due to backup failure | 2 | 5 | 10 |
|
TR-04 | API rate limiting breach | 3 | 3 | 9 |
|
TR-05 | Dependency vulnerability exploit | 4 | 4 | 16 |
|
13.3.2 Operational Risks
Risk ID | Description | Likelihood | Impact | Score | Controls |
---|---|---|---|---|---|
OR-01 | Human error in production deployment | 3 | 4 | 12 |
|
OR-02 | Insufficient incident response | 2 | 4 | 8 |
|
OR-03 | Key personnel dependency | 3 | 4 | 12 |
|
OR-04 | Configuration management errors | 3 | 3 | 9 |
|
13.3.3 Compliance Risks
Risk ID | Description | Likelihood | Impact | Score | Controls |
---|---|---|---|---|---|
CR-01 | GDPR compliance violation | 2 | 5 | 10 |
|
CR-02 | SOC 2 requirements breach | 2 | 4 | 8 |
|
CR-03 | Data retention violation | 3 | 4 | 12 |
|
13.4 Risk Treatment Plans
High and Critical Risks (Score ≥ 15)
TR-01: Data Breach Prevention
- Implementation Timeline: Q2 2024
- Budget Allocation: $XXX,XXX
- Actions:
- Implement advanced threat detection
- Enhance access controls
- Regular penetration testing
- Security awareness training
TR-05: Dependency Management
- Implementation Timeline: Q3 2024
- Budget Allocation: $XX,XXX
- Actions:
- Implement automated dependency updates
- Establish vulnerability management program
- Regular security assessments
- Vendor security reviews
13.5 Risk Monitoring and Review
13.5.1 Monitoring Metrics
Technical Metrics
- Security incident frequency
- Mean time to detect (MTTD)
- Mean time to resolve (MTTR)
- Vulnerability closure rate
Operational Metrics
- System availability
- Deployment success rate
- Incident response time
- Training completion rate
Compliance Metrics
- Audit findings
- Policy violations
- Compliance training completion
- Control effectiveness
13.5.2 Review Schedule
Risk Level | Review Frequency | Stakeholders | Deliverables |
---|---|---|---|
Critical | Weekly | Executive Team | Status Report |
High | Monthly | Security Team | Risk Assessment |
Medium | Quarterly | Department Heads | Trend Analysis |
Low | Annual | Team Leads | Summary Report |
13.6 Risk Appetite Statement
Sheetloom maintains a balanced approach to risk management:
Zero Tolerance
- Customer data breaches
- Regulatory compliance violations
- Extended service outages
Moderate Tolerance
- Minor service disruptions
- Non-critical feature delays
- Performance degradation
Risk Accepting
- New technology adoption
- Feature experimentation
- Process improvements
13.7 Annual Risk Assessment Schedule
Month | Activity | Participants | Deliverables |
---|---|---|---|
January | Annual Risk Review | All Stakeholders | Annual Report |
April | Q1 Assessment | Security Team | Quarterly Update |
July | Mid-year Review | Department Heads | Mid-year Report |
October | Q3 Assessment | Security Team | Quarterly Update |
13.8 Risk Management Roles and Responsibilities
Executive Team
- Risk appetite definition
- Resource allocation
- Strategic direction
Security Team
- Risk assessment execution
- Control implementation
- Monitoring and reporting
Department Heads
- Risk identification
- Control effectiveness
- Team compliance
Team Members
- Risk reporting
- Control execution
- Process adherence
14. Physical Security
Purpose:
Detail the physical security measures protecting the infrastructure, ensuring that physical access is controlled and monitored to prevent unauthorized access and tampering.
Components:
- Data Center Security: Physical security controls for data centers, if managing own servers.
- Access Controls: Physical access to facilities and equipment.
Note:
For AWS services like Amplify, physical security is managed by AWS. This section outlines AWS's physical security measures and how they support Sheetloom's security posture.
14.1 AWS Physical Security
- AWS Compliance Certifications:
- AWS data centers comply with industry-leading physical security standards, including ISO 27001, SOC 2, and PCI-DSS, ensuring that physical infrastructure meets stringent security requirements.
- Data Center Protections:
- AWS employs multiple layers of physical security, including perimeter fencing, security guards, intrusion detection systems, and biometric access controls, to protect against unauthorized physical access and environmental threats.
14.2 Reference to AWS Security
- Shared Responsibility Model:
- While AWS manages the physical security of their data centers, Sheetloom is responsible for securing data and configurations within the AWS environment, adhering to best practices for data protection and access management.
- Compliance Alignment:
- Leverage AWS's compliance certifications, including AWS Amplify, to support Sheetloom's adherence to GDPR and other relevant regulations, ensuring that the underlying infrastructure meets necessary security and compliance standards.
15. Conclusion
Purpose:
Summarize the security posture and reaffirm the commitment to maintaining and improving security, ensuring stakeholders are confident in the application's resilience and compliance.
Components:
- Summary of Security Measures: Recap key security controls.
- Future Plans: Upcoming security enhancements or reviews.
- Commitment Statement: Reiterate dedication to security and compliance.
This document outlines the comprehensive security measures implemented to protect the Sheetloom application. By leveraging AWS services such as Amplify, Cognito, and S3, we ensure data confidentiality, integrity, and availability for our tenants. Our adherence to GDPR and alignment with industry standards like ISO/IEC 27001 and SOC 2 demonstrate our commitment to data privacy and regulatory compliance. We continuously monitor our systems, conduct regular security assessments, and update our practices to address emerging threats. Sheetloom remains dedicated to maintaining the highest standards of security and compliance to safeguard our users and their data.