Six Key Security Principles
Our DreamSave solution for savings groups features a “secure-by-design” architecture that incorporates best-in-class security technology and processes into every aspect of the product infrastructure. This strategy is based on six key security principles:
Full Member Transparency. When groups use DreamSave, there is no way for officers to tamper with records, modify policies, conduct side deals, or make any other modification to group settings without the full group being notified.
Protect Every Layer. Every layer of the DreamSave system (apps, users, networks, compute engines, storage systems, servers) will include separate layers of best-in-class security protection so there are no weak links in the chain.
Verify Every Interaction. No user or service will be allowed to access any portion of the DreamSave system without being fully validated and authenticated first. This is essential to the design of any modern mobile solution that involves interactions between human users (members, groups, administrators, support, developers) and automated computer processes (apps, networks, storage, etc.).
Use Proven Open Systems. The underlying infrastructure of DreamSave will be based on proven components that are open, transparent, and widely available for extensive public scrutiny wherever possible. This approach, which makes extensive use of open source software, helps ensure that security vulnerabilities in the underlying infrastructure are discovered and fixed quickly by security experts worldwide. Apps that rely on closed, proprietary infrastructure are far more vulnerable to compromise.
Assign Minimum Privileges. Any user or process in the DreamSave system will have the minimum privileges required to perform its authorized responsibilities, and no more. This design principle provides separation of duties and helps ensure that no user, administrator, or automated service has the rights to access unauthorized data or perform unauthorized tasks.
Record Everything. Every activity performed anywhere in the DreamSave system, either by a human user or automated service, will be fully logged and recorded. This helps ensure no compromise can occur without being detected and leaves a detailed audit trail for security and compliance purposes.
The DreamSave system reflects these key principles in multiple ways, including the following:
- User Notification. Any financial transactions or changes to a group’s settings will trigger a notification to members to ensure transparency and trust.
- End-to-End Encryption. User data transmitted over the network during backup, synchronization, and data collection is encrypted using bank-grade AES 128-bit encryption technology (for perspective, this encryption method would take the world’s fastest supercomputer an estimated 885 quadrillion years to break1 ).
- Authentication. All data sources are verified to ensure that only valid transmissions between the DreamSave app and the DreamSave cloud are authorized.
- Data Integrity. The data itself is verified on both ends to ensure that it has not been tampered with or altered in any way while in transit.
- Attack Prevention. The network infrastructure includes multiple layers of protection to defend against denial-of-service, spoofing, man-in-the-middle, and other similar attacks.
- Infrastructure Security. DreamSave is built on the Google Cloud Platform, proven at scale in the world’s most rigorously tested environments. Data transmissions must pass through multiple layers of firewalls, virtual machine container security, and certificate-based service authentication. Identities, users, and services are strongly authenticated with multiple factors. Access to sensitive data is protected by advanced tools like phishing-resistant keys and application layer transport security.
- Data Loss Prevention. DreamSave user data is stored in a secure web-scale database, built on the open source Casandra platform (the same secure database architecture trusted by organizations like Intuit, CERN, IBM, Apple, Netflix, and eBay2). Data is replicated across three redundant clusters in separate security zones to provide robust fault tolerance, failover, and disaster recovery protection.
- Security Audits. The DreamSave cloud infrastructure is audited regularly to validate firewall ports, user accounts, and permissions. All activities leave an unalterable audit trail in detailed security logs to ensure full transparency.
For additional questions about DreamSave security, contact us at: email@example.com.
DreamStart Labs, Inc., 2907 Shelter Island Dr., Suite 105 San Diego, CA 92106, USA .
Copyright © 2020 DreamSave Security Overview - All Rights Reserved.
1 A Complete Guide to AES Encryption, ProPrivacy.com, February 2019
2 Apache Software Foundation, Customers, March 2020