The Text Messaging Platform is a distributed, fault-tolerant, cloud-based application that scales both vertically and horizontally. Backend components that are decoupled from the platform are responsible for sending and receiving SMS messages through third-party providers. The platform accepts only HTTPS connections from users. The user-facing web application is a client of our REST API and provides the interface for reading and writing program data.
The platform is hosted in a virtual private cloud (VPC) in Amazon Web Services. None of the servers running the platform are directly reachable from the internet; they sit behind a Bastion Host that acts as the firewall for our VPC. When employees need access to servers, they authenticate with their private keys and tunnel through the Bastion Host to reach the servers behind it.
Signal Vine relies on AWS Elastic Load Balancers and Elastic IP addresses to provide high availability for the platform. Amazon Route 53 provides DNS.
The platform is protected by AWS Shield Standard, a managed DDoS protection service that safeguards the Signal Vine web application.
AWS Shield provides always-on detection and automatic inline mitigations that minimize the application downtime and latency an attack would otherwise cause for users of our service. The platform is hosted in five data centers distributed across the AWS Northern Virginia region.
All services (web servers, database, search) have redundancies for high availability.
The platform is accessed over SSL/TLS with 128-bit encryption and authentication. The platform servers do not accept unencrypted requests.
Database backups and password data are encrypted at rest, using a different scheme for each. Passwords are hashed using bcrypt in combination with SHA-256.
Data is only sent using 128-bit authentication. All data is encrypted in transit and delivered over HTTPS. Signal Vine does not support insecure connections to the platform.
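The "no unencrypted requests" rule above has one practical wrinkle: behind a TLS-terminating load balancer the application server itself sees plain HTTP from the balancer, so it has to decide from the forwarded scheme whether the client's connection was encrypted, while not trusting that header from anyone else. The following added example (not Signal Vine's code) shows a WSGI middleware that refuses unencrypted requests and adds an HSTS header to encrypted replies; it assumes an AWS Elastic Load Balancer that forwards the original scheme in `X-Forwarded-Proto`, and the balancer addresses, `hello_app` and `run_request` are constructed for the example.

```python
"""Refuse unencrypted requests behind a TLS-terminating load balancer.

Added example, not Signal Vine's code. It assumes a WSGI application behind an
AWS Elastic Load Balancer that terminates TLS and forwards the original scheme
in the X-Forwarded-Proto header; the balancer addresses below are constructed.
"""
from typing import Dict, Mapping, Tuple

# Constructed placeholder addresses of the load balancer nodes: only requests
# whose immediate peer is one of these may vouch for the original scheme.
TRUSTED_PROXIES = frozenset({"10.0.1.10", "10.0.2.10"})
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def is_https(environ: Mapping[str, str]) -> bool:
    """True if the request reached the platform over TLS, as far as it can tell."""
    if environ.get("wsgi.url_scheme") == "https":
        return True  # TLS was terminated on this server itself
    # Behind the balancer the server sees plain HTTP. Honour the forwarded
    # scheme only when the peer is a balancer node, so an internet client
    # cannot simply set the header on a plaintext request.
    if environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        first = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0]
        return first.strip().lower() == "https"
    return False


def require_https(app):
    """WSGI middleware: 403 for unencrypted requests, HSTS on every encrypted reply."""
    def middleware(environ, start_response):
        if not is_https(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"HTTPS is required\n"]

        def start(status, headers, exc_info=None):
            headers = list(headers) + [("Strict-Transport-Security", HSTS_VALUE)]
            return start_response(status, headers, exc_info)

        return app(environ, start)
    return middleware


def hello_app(environ, start_response):
    """Minimal constructed application that the middleware wraps."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


def run_request(app, environ: Mapping[str, str]) -> Tuple[str, Dict[str, str], bytes]:
    """Drive a WSGI app in-process and return (status, headers, body)."""
    captured: Dict[str, object] = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body  # type: ignore[return-value]


if __name__ == "__main__":
    protected = require_https(hello_app)
    # Constructed request that arrived over TLS at the balancer.
    print(run_request(protected, {"wsgi.url_scheme": "http", "REMOTE_ADDR": "10.0.1.10",
                                  "HTTP_X_FORWARDED_PROTO": "https"}))
    # Constructed plaintext request from an internet client that set the header itself.
    print(run_request(protected, {"wsgi.url_scheme": "http", "REMOTE_ADDR": "203.0.113.7",
                                  "HTTP_X_FORWARDED_PROTO": "https"}))
```

The peer-address check is the part that matters: `X-Forwarded-Proto` is only meaningful when the balancer set it, and a security group that admits traffic to the application servers solely from the balancer is the infrastructure-level counterpart of the `TRUSTED_PROXIES` check.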
All data is partitioned by account and program, which provides row-level security for authorized users. The platform's design enforces restricted access levels and does not allow unauthorized access to data: each user is assigned a partition key and can only access data in the partition to which they are assigned.
User passwords are hashed using bcrypt and a single-use salt, which is not stored. The platform backs up data nightly and ships transaction logs to allow point-in-time recovery to within 15 minutes of a database failure. The database is not directly accessible from the internet; it is reachable only via a private network interface within the data center.
As noted above, the platform is hosted on a group of separate, secured application servers. All servers can be accessed only with key-based authentication (a 2048-bit RSA key pair). Signal Vine employs access control policies to grant only appropriate access and to ensure that personally identifiable information (PII), and all other data, is protected by encryption. Signal Vine employs highly restrictive network access and a rigorous data backup protocol. In addition, an activity log is monitored whenever data is exported.
Compliance with state and federal data privacy regulations is ensured through periodic peer review of the applicable laws and of our operations and coding practices, procedures, and implementation.
Application Security and Case Management
Customers control staff access to student profile and message data by assigning security roles to users. There are currently three supported roles:
- Account Administrator. Access to view and manage all programs, groups, and students in an account. Account Administrators can invite users to the platform and can view and revoke all account users’ access to the platform. They have all permissions available to users at a lower access level.
- Program Administrator. Access to view and manage specific programs and their associated students within an account. Program Administrators can invite users to the platform (with Program Administrator permissions or lower). They can view and revoke access to any user with access to the programs they administer. They have all permissions available to users at a lower access level.
- Counselor. Access to one or more groups within one or more programs. Counselors can only view messages and manage the data associated with students belonging to the Counselors’ assigned groups.
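The account/program partitioning described earlier and the three roles listed above are one access model: the account is the partition every check applies first, and the role then narrows visibility to all programs, to specific programs, or to specific groups. The following added example (not Signal Vine's code) implements that model as a set of authorization predicates over constructed sample data; the names `acme`, `beta`, the program and group labels, and the `administered_programs` helper are assumptions, and it additionally assumes that a Program Administrator cannot revoke an Account Administrator, which the text does not state explicitly.

```python
"""Account partition plus role-based scoping (added example, not Signal Vine's code)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, Iterable, List, Set, Tuple


class Role(IntEnum):
    """Ordered so that a higher value holds every permission of a lower one."""
    COUNSELOR = 1
    PROGRAM_ADMIN = 2
    ACCOUNT_ADMIN = 3


@dataclass(frozen=True)
class Student:
    id: str
    account: str   # partition key
    program: str
    group: str


@dataclass(frozen=True)
class User:
    id: str
    account: str                                        # partition the user is assigned to
    role: Role
    programs: FrozenSet[str] = frozenset()              # Program Administrator scope
    groups: FrozenSet[Tuple[str, str]] = frozenset()    # Counselor scope: (program, group)


def administered_programs(user: User) -> FrozenSet[str]:
    """Programs a user's assignment touches (hypothetical helper used by can_revoke)."""
    if user.role == Role.PROGRAM_ADMIN:
        return user.programs
    if user.role == Role.COUNSELOR:
        return frozenset(program for program, _ in user.groups)
    return frozenset()  # Account Administrators are not limited to a program list


def can_access_student(user: User, student: Student) -> bool:
    # The account partition is checked first, for every role, so no role can
    # cross into another account's rows.
    if student.account != user.account:
        return False
    if user.role == Role.ACCOUNT_ADMIN:
        return True
    if user.role == Role.PROGRAM_ADMIN:
        return student.program in user.programs
    return (student.program, student.group) in user.groups


def scoped_students(user: User, students: Iterable[Student]) -> List[Student]:
    """The only way to read student rows: the scope filter is applied unconditionally."""
    return [s for s in students if can_access_student(user, s)]


def can_invite(actor: User, new_role: Role) -> bool:
    """Counselors cannot invite; administrators invite at their own level or below."""
    return actor.role >= Role.PROGRAM_ADMIN and new_role <= actor.role


def can_revoke(actor: User, target: User) -> bool:
    if target.account != actor.account:
        return False
    if actor.role == Role.ACCOUNT_ADMIN:
        return True
    if actor.role == Role.PROGRAM_ADMIN:
        # Assumption: an Account Administrator is out of a Program Administrator's reach.
        if target.role == Role.ACCOUNT_ADMIN:
            return False
        return bool(actor.programs & administered_programs(target))
    return False


# Constructed sample data: two accounts, each its own partition.
STUDENTS = [
    Student("s1", "acme", "fall", "g1"),
    Student("s2", "acme", "fall", "g2"),
    Student("s3", "acme", "spring", "g1"),
    Student("s4", "beta", "fall", "g1"),
]
USERS = {
    "alice": User("alice", "acme", Role.ACCOUNT_ADMIN),
    "bob": User("bob", "acme", Role.PROGRAM_ADMIN, programs=frozenset({"fall"})),
    "carol": User("carol", "acme", Role.COUNSELOR, groups=frozenset({("fall", "g1")})),
    "erin": User("erin", "acme", Role.PROGRAM_ADMIN, programs=frozenset({"spring"})),
    "dave": User("dave", "beta", Role.ACCOUNT_ADMIN),
}


def visible_student_ids(user_id: str) -> Set[str]:
    return {s.id for s in scoped_students(USERS[user_id], STUDENTS)}


if __name__ == "__main__":
    for name in USERS:
        print(name, sorted(visible_student_ids(name)))
```

Keeping the partition check ahead of the role check, and routing every read through `scoped_students`, is what turns the role table into row-level security: a bug in role handling can at worst widen access within an account, never across one.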