background

Security Model

Last Updated - November 1st 2017

The Donna security model is an end-to-end process focused on keeping our customers and their data safe when using our Products. We understand that the User Data that Donna processes is of a highly confidential and valuable nature and we are committed to protect, transfer, process and store the data accordingly. Donna uses Google Cloud Platform to operate our servers and many of Google’s advanced security practices help ensure Donna’s security model as well. In addition, Donna uses a combination of Auditing, Encryption and Anonymous Processing technologies to further enhance security. An overview of these security measures is given here.

Data Access

The layers of the Donna application and storage stack require that requests coming from all components (human or automated) are authenticated and authorized. Access by production application administrative engineers to production environments is also controlled. A centralized group and role management system is used to define and control engineers’ access to production services, using a security protocol that authenticates engineers through the use of short-lived personal public key certificates; issuance of personal certificates is in turn guarded by two-factor authentication.

Donna will not share your User Data with third parties or other users and User Data is only used to improve the quality of the algorithms that power Donna. Data that is used for this purpose is anonymized, split and shuffled to the extent that there is no way to directly or indirectly obtain any identifiable information from the User Data.

Data Encryption

Donna services always encrypt customer content that is stored at rest. One or more encryption mechanisms are used. For example, any User Data is encrypted under the 256-bit Advanced Encryption Standard (AES-256), and each encryption key is itself encrypted with a regularly rotated set of master keys. Donna services also use encrypted SSL/TLS channels for communication.

Secured Service APIs and Authenticated Access

All services are managed through a secured global API gateway infrastructure. This API-serving infrastructure is only accessible over encrypted SSL/TLS channels, and every request must include a time-limited authentication token generated via human login or private key-based secrets through the authentication system described above.

All access is governed by a strong password policy, enforced 2-factor-authentication and an audit log.

Logging

All requests for accessing, processing or storing data and User Data are logged in a secure Audit Trail.

Secure Global Network

Donna operates on a private global network helps to improve the security of data in transit by limiting hops across the public Internet. All internal network traffic is governed by firewall rules and access policies. External connections to the network are forbidden except for a tightly controlled set of access points which feature a secure encrypted cannel and are governed by the earlier mentioned authorization and role management system.

Intrusion Detection

Donna’s intrusion detection involves tightly controlling the size and make-up of Donna’s attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.

Security Scanning & Code Signing

All layers of the Donna application and storage stack are audited and monitored for security vulnerabilities. We use tools to scan our software for known vulnerabilities and use code-signing certificates to ensure that no unauthorized changes are made to our code and services after these security audits.