Data and Encryption Policies
Vulnerability Detection and Penetration Tests
Automated scans of LiveHire’s infrastructure are performed every week. Vulnerability and security lists are actively monitored for CVE and other vulnerability disclosures with appropriate actions taken. An external agency is engaged to perform a penetration test at least annually, with results mitigated as appropriate. LiveHire takes security seriously, and prioritises remediation of issues.
Data Center & Data Location
LiveHire services are hosted on Amazon Web Services’ (AWS) EC2 platform. The physical servers are located in AWS’s secure data centres, within the Sydney (ap-southeast-2) region. From Amazon’s documentation: AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). We undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems. More information on AWS EC2 data centre security can be obtained directly from Amazon.
The production environment is kept separate from the development and testing environments, with no network connectivity between them. Maintenance of the production environment is performed mostly automatically, but where staff are required to connect, a separate specialised VPN is used. A restricted set of trained staff are authorised to connect via this VPN for other maintenance tasks as required. Extra policies and firewall rules are in place to ensure that production data cannot leak in any way via this VPN.
LiveHire uses CloudFlare for DDoS protection and Web Application Firewall services. LiveHire is developed with the principle of least privilege and with best-practice security guidance, such as the OWASP recommendations, in mind, to prevent attacks such as SQL injection and Cross-Site Scripting.
Application Login Security
SAML 2.0 SSO is supported for LiveHire users. All users are able to use either Google, Facebook, or LinkedIn authentication services. In these cases, the login security settings of the authentication service will be used. If logging in directly to LiveHire using an email and password, we require a minimum of 6 characters. Passwords are stored securely in a hashed form and therefore can never be sent via email.
LiveHire treats all user data as protected, and access is granted on the principle of least privilege. A select few authorised members of the LiveHire team have direct access to production data and systems. A further limited list of authorised users are permitted to view aggregate data for reporting purposes. We maintain a list of members of the LiveHire team with access to the production environment, and all LiveHire staff must undergo a police background check. Each environment (e.g. Development, Test, UAT) maintains a separate list of members with access. The LiveHire team has limited access to user data through restricted-access support tools. Support team members cannot review user-generated content without an express and revocable grant of permission.
Third Party Access
LiveHire relies on AWS for physical data centre security. LiveHire’s platform is hosted on AWS’s EC2 platform. The physical servers are located in AWS’s data centres. Production data is never stored on physical media, and all data remains inside AWS data centres, with the exception of an encrypted (in transit and at rest) database archive, which is kept on Microsoft Azure services, also located in the Sydney region. From Amazon’s documentation: AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergoes annual SOC 1 audits and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems. More information on AWS EC2 data centres is available directly from Amazon.
Corporate Network and Portable Media
As LiveHire has a flexible working policy, our security policies reflect the need to be able to work from any location. As such, the corporate office networks are not treated any differently from public networks. Connections to back-end services and development environments must still pass via an encrypted VPN. Data stored within the production network is prevented from flowing back down to the office network, or to staff devices, by means of strict firewall and OS policies. Because of this, data can never be copied onto removable media.
LiveHire uses standard Transport Layer Security (TLS) with AES encryption for all data in transit. This includes all data sent between back-end components such as the web and database layers. In addition, insecure cipher suites have been disabled in accordance with best practice. All user data is stored on drives that are whole-disk encrypted using AES encryption, with a unique encryption key for each server. This also includes all backup sets.
All encryption keys are managed using the Amazon Key Management Service. The encryption, key management, and decryption process is inspected and verified internally by Amazon on a regular basis as part of their existing audit process. All keys remain entirely within Amazon’s systems, and are managed by LiveHire’s Infrastructure team. Archived backup sets stored within Microsoft Azure have separate keys that are kept solely within the Azure platform.
Removing/Deleting Data from LiveHire
At the request of any user, all data belonging to the requesting party can be removed from the system.
Development, Patch and Configuration Management
All changes to LiveHire systems and code are required to undergo both peer review and testing within separate sandboxed environments. All changes are therefore required to pass through at least two environments successfully before being approved for implementation in production. All operating systems undergo a similar patching regime, where patches must first pass through the DEV and TEST environments before being approved and tested for installation within the production environment. Patches are generally prioritised depending on relevance and level of security impact. Patches and system configuration are managed from a central system to ensure consistency across the server fleet.
LiveHire logs events in multiple ways. Logical event actions are logged within the application database. All web traffic is also logged to a separate internal data store for analysis, capacity planning, and diagnostic purposes in the event of any issues. Other system logs also go to the same location, giving a clear picture across the environment if faults need this level of triage. Error logs and metrics are also sent to external logging services that keep logs for a limited time, to assist in alerting and monitoring. These external logs do not contain Personally Identifiable Information.
LiveHire leverages AWS as its primary cloud provider, and as such does not need to dispose of server hardware. The staff laptop/workstation policy is outlined in a further section below. Where virtual assets are required to be decommissioned, Amazon guarantees that deleted volumes are irrecoverable once destroyed. As there are several layers of abstraction across redundant systems, there is practically no way to recover any data once this occurs.
Backup and Disaster Recovery Policy
A full backup of the core database is taken every 24 hours. Additionally, incremental transaction log backups are performed every 20 minutes. All backups are encrypted and stored at different locations to mitigate risk. These backups have a test restore performed every night to verify consistency. All backups are encrypted at rest using the AES-256 encryption scheme. LiveHire maintains a monthly set of backups indefinitely, while daily backups are kept for 40 days. Transaction log backups are also kept for 40 days to enable point-in-time restores, usually for diagnostic purposes. Backup locations have strict access rules, and only authorised LiveHire administrators have permission to retrieve and restore backups. Attachments such as CVs and other user documents are not required to be backed up, as they rely on the built-in storage redundancy of Amazon S3.
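As an added illustration (not LiveHire’s own tooling) of how the retention rules and point-in-time restores above fit together, the following constructed example prunes a backup catalogue under the 40-day daily/log retention with an indefinite monthly set, then selects the full backup and transaction logs needed to restore to a given point in time and reports the resulting data-loss window. It assumes the monthly set is the first full backup of each calendar month, and all backup timestamps are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

DAILY_RETENTION = timedelta(days=40)   # daily full backups are kept for 40 days
LOG_RETENTION = timedelta(days=40)     # transaction log backups are kept for 40 days
LOG_INTERVAL = timedelta(minutes=20)   # incremental transaction log backup cadence


@dataclass(frozen=True)
class Backup:
    kind: str          # "full" (daily database backup) or "log" (transaction log backup)
    taken_at: datetime


def retained(backups, now):
    """Return the backups still inside the retention policy at time `now`."""
    keep, monthly_seen = [], set()
    for b in sorted(backups, key=lambda b: b.taken_at):
        age = now - b.taken_at
        if b.kind == "full":
            month = (b.taken_at.year, b.taken_at.month)
            if month not in monthly_seen:  # first full of each month forms the monthly set (assumption)
                monthly_seen.add(month)
                keep.append(b)              # monthly set is kept indefinitely
            elif age <= DAILY_RETENTION:
                keep.append(b)
        elif b.kind == "log" and age <= LOG_RETENTION:
            keep.append(b)
    return keep


def restore_chain(backups, target):
    """Newest full at or before `target`, the logs that roll it forward, and the unrecoverable gap."""
    fulls = [b for b in backups if b.kind == "full" and b.taken_at <= target]
    if not fulls:
        raise ValueError("no full backup at or before the requested point in time")
    base = max(fulls, key=lambda b: b.taken_at)
    logs = sorted((b for b in backups if b.kind == "log" and base.taken_at < b.taken_at <= target),
                  key=lambda b: b.taken_at)
    # Anything written after the last applied log is lost: never more than LOG_INTERVAL.
    last = logs[-1].taken_at if logs else base.taken_at
    return base, logs, target - last


# Constructed sample catalogue (not real data): daily fulls at 02:00 from 1 Jan 2024 plus logs
# every 20 minutes over the last 36 hours, as seen at noon on 15 March 2024.
NOW = datetime(2024, 3, 15, 12, 0)
SAMPLE = [Backup("full", datetime(2024, 1, 1, 2, 0) + timedelta(days=d)) for d in range(75)]
SAMPLE += [Backup("log", datetime(2024, 3, 14, 0, 0) + LOG_INTERVAL * i) for i in range(109)]
```

Calling `retained(SAMPLE, NOW)` keeps the January and February monthly fulls plus the last 40 dailies and all logs, and `restore_chain(SAMPLE, NOW.replace(hour=9, minute=30))` returns the 02:00 full of 15 March, the 22 logs up to 09:20, and a 10-minute gap, within the 20-minute bound stated above.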
LiveHire is architected in such a way that we can cope with a whole Amazon data centre being offline (an extremely rare event). Should Amazon ever lose two data centres at once, LiveHire can fully recover with a maximum data loss of 20 minutes. LiveHire’s uptime has historically been 99.99% (measured yearly).
Incidents and Response
LiveHire has an incident response plan that adheres to the Australian Privacy Act. This plan includes open and honest communications with users of our platform. LiveHire treats every event that impacts functionality seriously, with our response plan immediately triggering technical triage and remediation as soon as we’re aware of any potential issue. Uptime and functionality are our primary goal, and a balance is struck between the severity of site degradation, time to patch, and time to completely fix. Root cause analysis is performed once we are satisfied our users are no longer impacted.
Workstations / Laptops
All staff computers are required to participate in the LiveHire security policy, which includes anti-virus and anti-malware, as well as password policies. Anti-virus updates and security patching of workstations are managed centrally. As production data is prevented from leaving the data centre, LiveHire has no need for portable or removable media for user data. As described above, data is always protected with strong encryption both in transit and at rest. Upon disposal, all equipment must pass through our internal infrastructure team to ensure all data is wiped and devices are returned to a factory state.
LiveHire has a flexible working policy for staff, and does not maintain any infrastructure on-site at offices (other than basic internet connectivity). This means that staff are able to work from any location just as well as at LiveHire offices. In turn, this means that all connections to any back-end services are required to be encrypted via a certificate-authenticated VPN. Additionally, production data is prevented from being transmitted outside of the data centre environment, which is housed within secure AWS data centres. Any analytics and reporting work must therefore also be performed within specialised remote sessions, which are only granted to a very limited number of trained staff. A limited number of engineering staff have access to the platform, and must also traverse VPNs in order to perform their maintenance tasks within LiveHire’s various environments. Production services are kept completely separate from the Development and Testing environments, as well as from support services.
Security and Hiring Process
As part of the LiveHire onboarding process, employees are made aware of security policies and requirements. Any changes to security policy or procedure are distributed to staff in LiveHire’s regular ‘all-hands’ meetings. Employment contracts contain Non-Disclosure and Intellectual Property clauses, which apply both during and after employment. Contractors that are required to work near production data must also sign NDA and restriction-of-IP contracts. All LiveHire staff must undergo an Australian police check prior to being hired. Contractors will also undergo the same process if their role requires them to work near production data or LiveHire’s codebase.
LiveHire uses an enterprise-grade password manager, which requires every staff member to protect it with a strong password and 2FA. Where possible, other systems in use by LiveHire require strong passwords, and 2FA is strongly encouraged. Limited VPN access is granted via user-specific certificate authentication.
LiveHire’s systems are architected in such a way that regular maintenance should not cause any disruption of service. When larger maintenance is required, this is always performed outside of business hours, within a weekend outage window that runs from 2AM AEST until 8AM AEST on both Saturday and Sunday. These times have been chosen as the quietest times in order to minimise impact to users. We frequently evaluate our outage windows in order to make sure this impact minimisation continues.
In rare circumstances, unforeseen events may require us to perform more urgent maintenance. When this occurs, our main concerns are the usability and stability of the platform. The impact of the required maintenance is weighed up against any current degradation of site reliability and performance, and we will endeavour to only perform the bare minimum required during business hours to restore functionality, while pushing as much as we can out of hours to minimise this impact.
Need to report a vulnerability?
If you have a vulnerability or security concern to report, send it through to our security team here at LiveHire on firstname.lastname@example.org