Reward Gateway utilizes Amazon Web Services (AWS) to provide the resources to host the Reward Gateway application. Reward Gateway leverages the Infrastructure as a Service (“IaaS”) provided by AWS to set up virtual servers to meet current and future demand. Reward Gateway’s Operations team is responsible for architecture within the AWS environment, and ensuring software and operating system configurations meet availability, security, and resilience requirements.
The main SmartHub platform is deployed on instances running Kubernetes orchestration software. These instances are set up to auto-scale in response to increased traffic, such as seasonal holidays.
Reward Gateway mirrors production technology and functionality (e.g., software, systems, data) between AWS regions to permit the resumption of operations in the event of a significant incident at any of the production facilities.
Reward Gateway uses a MySQL Galera database cluster for the majority of customer, transaction, and application data. The MySQL Galera cluster includes a primary nodes with multiple replicas. These nodes spread out across at least 3 AWS Availability Zones for fault tolerance and redundancy in each AWS Region in EU-WEST-1 (Ireland) and EU-CENTRAL-1 (Germany).
The underlying disks used by our databases are Amazon EBS and EFS volumes. These are encrypted with AES256 using our keys stored in AWS KMS. To wipe a disk, we can simply destroy the keys or re-encrypt the disks with new keys. This happens every time AWS provisions a volume to a new AWS customer – disks are wiped and encrypted with the next AWS customer’s keys.
The process for deriving a new key for a customer is as follows:
- A Client Data Key is generated on Amazon KMS hardware security module (HSM.) This Client Data Key is never held in the clear and is encrypted under Reward Gateway’s Main Data Key.
- A new database for the programme is created with a unique set of access credentials. These are generated randomly with entropy from the hardware security module.
The access credentials are encrypted on the hardware security module using the encrypted Client Data Key. A hashed copy of the credentials is used to set up the access. Plain text versions are discarded.
- The encrypted access credentials and encrypted Client Data Key are stored in Reward Gateway’s tenant directory.
When access to client data is required, services accessing the data:
- The encrypted access credentials for the client are fetched from Reward Gateway’s tenant directory.
- The encrypted Client Data Key is decrypted using Reward Gateway’s Main Data Key in the HSM and is used to decrypt the access credentials. The plain text Client Data Key is discarded.
- Access to the client database is established using the access credentials. The plain text access credentials are discarded.
- The data access is performed.
We have not yet exposed the ability to rotate Client Data Key’s in Reward Manager, but can do this on request.
Customer content, such as uploaded images, are held on an AWS Elastic File Storage pool. A newer AWS S3 location is used for specific product file storage and for database backup and archival purposes.
Reward Gateway uses AWS’ physical network infrastructure for connectivity, but maintains logical network management including DNS, load balancing, and web application firewalls. This includes the management of traffic-balancing between regions via AWS Global Accelerator.
Firewalls and Virtual Private Clouds are employed to segregate network access and isolate the production environment from all non-production environments.
Client domain names and nameserver records are kept in AWS Route 53 and DNSMadeEasy.
We use self-managed Amazon EC2 instances for client data, with encrypted partitions. Amazon KMS is used with our ‘tenant directory’ to manage access credentials to client data.
We do use a form of Column Level Encryption for some parts of the application, like account details for Direct Debits or Childcare Voucher payments.
Reward Gateway maintains a number of physical offices, globally where employees may choose to work from (or work from home.)
All production and other key infrastructure reside within physically-secure third-party cloud data centers managed by Amazon Web Services.
- AWS hosts the Company’s production infrastructure from the EU-West region (Ireland) with redundant infrastructure (mainly for disaster recovery purposes) in the EU-Central region (Frankfurt.) The geographic separation allows for confidence in business continuity in the event of catastrophic failure in a region.
- AWS Availability Zones are used to isolate infrastructure and avoid failure scenarios due to environmental hazards like fires, floods, and tornadoes. Independent physical infrastructure such as dedicated connections to utility power, network connectivity etc. are used to accomplish this.
- AWS maintains high standards of uptime, security, and audit compliance (including standards such as SOC, and PCI).
The “program ID” is used thereafter for associating data with the specific customer. Each customer's data is logically separated from other customers' data using these IDs.
Customers then transfer data relating to their employees to us in order to assign licenses and create accounts on our platform. Reward Gateway supports importing manually through Reward Manager, importing via batch transfer from the customer’s HRIS over SFTP, or through direct API integration with a range of supported identity providers. Customers are responsible for the security and confidentiality of the data prior to the import.
There are various integration and registration methods available to match the customers appetite for data sharing, including self-registration and manual approval by HR administrators.
Management Information reports are available in PDF, comma-delimited value file exports, or from within SmartHub and Reward Manager. The availability of these reports is limited by role-based access.
All production customer data (covering both Eligibility Data and Platform Usage Data from above) is encrypted at rest within Reward Gateway’s network, which is managed by AWS. Customers and employees connect to Reward Gateway via the Transport Layer Security (TLS) protocol. Additionally, there is no production data residing in any non-production environments.
Please sign in to leave a comment.