Security

More security information can be found at https://www.hava.io/our-security
  • Credentials
  • What data is used
  • Data that is stored
  • Data encryption

Credentials

AWS keys are stored using AES encryption, but we also promote using Amazon Cross Account Roles for allowing access. Finally, the user is free to tighten the IAM policy to whatever they're comfortable with, and Hava will work past any resources that can't be identified. This of course has limits: we must be able to retrieve a rudimentary amount of the EC2 data to create anything useful.

What data is used

Hava imports users' data via the AWS or Azure APIs. The basic level of information it requires to generate a useful visualization centers around the AWS EC2 service. We offer a variety of IAM policy configurations that can allow or deny access to certain calls based on the user's security policy and comfort with the service. This allows for a "progressive enhancement" style algorithm depending on the access granted to certain resources.
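
An added example, not Hava's code: a way to preview, before attaching a tightened IAM policy, which parts of an import it would still permit and whether the EC2 minimum is met. The layer-to-action mapping and the sample policy are constructed assumptions, and the evaluation is simplified (it ignores Resource, Condition and NotAction).

```python
import re

# Hypothetical mapping of diagram layers to the read-only calls each needs.
# Only the EC2 requirement comes from the page; the rest is assumed.
LAYERS = {
    "ec2": ["ec2:DescribeInstances", "ec2:DescribeVpcs", "ec2:DescribeSubnets"],
    "rds": ["rds:DescribeDBInstances"],
    "elb": ["elasticloadbalancing:DescribeLoadBalancers"],
}
REQUIRED = "ec2"

# Constructed sample: broad read access with one call explicitly denied.
TIGHTENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "rds:Describe*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:DescribeSubnets", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive and support * and ? wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(policy, action):
    """Explicit Deny wins, then any Allow, otherwise implicit deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def plan_import(policy):
    """Classify each layer as full, partial or skipped under this policy."""
    plan = {}
    for layer, actions in LAYERS.items():
        granted = [a for a in actions if is_allowed(policy, a)]
        plan[layer] = ("full" if len(granted) == len(actions)
                       else "partial" if granted else "skipped")
    if plan[REQUIRED] == "skipped":
        raise PermissionError("no EC2 read access granted; nothing useful can be drawn")
    return plan

if __name__ == "__main__":
    print(plan_import(TIGHTENED_POLICY))
```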

Data that is stored

Hava stores metadata around each running service (i.e. resource ids, configuration values, current metrics) to allow diagrams to be identified and created. Hava imports no data from within user services, but as above, users are welcome to alter the IAM policy to allow a level of access they're comfortable with.

Data encryption

RDS is configured to store all data at rest. Additionally, column-level encryption of any secret credentials is performed to ensure that data cannot be decrypted without a private key from the application server. This protects against potentially harmful SQL injection attacks.