Security at Persefoni
Last Updated: October 6, 2023
From inception, Persefoni recognized the need to have security architected throughout the Persefoni Climate Management & Account Platform (CMAP) and our supporting services. Our customers share data to calculate their carbon footprint and expect their data to be kept secure and confidential. To that end, we have invested heavily in our platform to enable enterprise-grade security features and processes. With this, Persefoni's security posture is guided and maintained by four (4) security principles as described further on this page:
- Provision and Manage Users with the Principle of Least Privilege
- Architect and Develop for Security and Privacy
- Train and Educate on Security Repeatedly
- Align and Comply with Industry Security Standards
For further information of Persefoni's security and privacy controls or to request copies of Persefoni's audit reports and certifications, please visit Persefoni's Trust page.
Shared Security Responsibility Model (SSRM)
As a Software as a Service (SaaS) application hosted in Amazon Web Services (AWS), we maintain a list of security responsibilities that are shared between AWS, Persefoni, and Persefoni’s customers. At a summary level those responsibilities are:
- AWS is responsible for the physical data centers, networking, perimeter security, hardware configurations, and availability of the Platform-as-a-Service (PaaS) services provided to Persefoni for use in the CMAP.
- Persefoni is responsible for security configurations including but not limited to data encryption at rest and in transit, network and firewall restrictions, and application, database, container, and infrastructure security.
- Persefoni's customers are responsible for the proper use of and security access configurations in the CMAP. Other responsibilities include but are not limited to user setup and management, user access reviews, data quality, data classification standards, third-party integration setup, and, as applicable, the single sign-on (SSO) setup.
Principle 1: Provision and Manage Users with the Principle of Least Privilege
- The security principle of "least privilege" is utilized across all Persefoni systems. Access to platform code and data depends on the resource’s role, and production access by employees is particularly controlled and restricted.
- Persefoni utilizes Privileged Access Management (PAM) to manage and audit access to production environments. Using PAM, developers must request access to a production environment and the request must be approved by Persefoni’s Engineering leadership. Once access is granted, the access duration is limited to a specific duration and activity logs are available for later review.
- Persefoni reviews Persefoni personnel access to all systems at least quarterly.
- Customers are responsible for reviewing access to their Persefoni account following their own access review policies and procedures. Persefoni resources with direct access to customer accounts are always shown in Persefoni User Manager screen, so customers have a full view of all users with access to their data.
Principle 2: Architect and Develop for Security and Privacy
- The Persefoni CMAP consists of a multi-tier, multi-tenant SaaS application hosted in AWS and is architected into four distinct tiers or layers: the highly protected database tier, API tier, front-end tier, and web browser (which is managed by the customer).
- Web application firewalls, security groups, access control lists, and other security detection and control mechanisms are deployed between layers to provide multiple layers of protection between the internet and database tier.
- Persefoni supports identity provider (IdP) initiated SSO via the SAML protocol with IdPs such as Okta, Microsoft, and Ping.
- If SSO is not utilized, and username and password authentication is chosen instead, Persefoni supports multi-factor authentication and IP allow listing to enhance access control to the CMAP. In this configuration, passwords are hashed with bcrypt and salted.
Data Storage and Backup
- Persefoni's multi-tenant architecture concurrently stores data in AWS US-East 2 (Ohio), US-East 1 (Virginia), EU-West 1 (Ireland), and AP-Northeast 1 (Tokyo). Note: If you have specific data residency needs, please ask your Persefoni Sales Representative about Persefoni's single tenant architecture model.
- Data within the Persefoni Platform is backed up continuously and can be restored to any point in the last 72 hours.
- Additionally, backups are taken each day and maintained for at least a year.
- Backups will always be encrypted using Advanced Encryption Standard (AES) 256-bit encryption and are stored in secure, geographically dispersed AWS S3 buckets.
- Persefoni utilizes encryption at rest using Advanced Encryption Standard (AES) 256 and encryption in transit via TLS 1.2 or above. Persefoni also utilizes Perfect Forward Secrecy (PFS) ciphers for data transmission outside the CMAP.
- Persefoni's multi-tenant architecture utilizes AWS managed encryption keys. Note: If you require customer managed encryption keys, please ask your Persefoni Sales Representative about Persefoni's single tenant architecture model.
Monitoring & Logging
- Persefoni maintains monitoring and logging for each level of the platform's architecture, including databases, containers, load balancers, firewalls, and other application components.
- Persefoni maintains all log information for at least one year for security reviews.
- If a security event is identified to be a threat, Persefoni Engineering and Information Security teams are notified immediately to triage, classify, contain, and remediate the security event or incident, including details such as the time of the event and impact to the platform.
- Persefoni is hosted in Amazon Web Services (AWS), and AWS data centers maintain several physical security controls to protect Persefoni and customer data. Persefoni reviews and validates AWS security controls at least annually to affirm they are operating effectively. Please navigate the AWS Compliance page for further information on its data center controls.
Secure Development Lifecycle (SDLC)
- Persefoni implements automated and manual review processes to ensure quality and security assurance in our software development processes starting from product design and feature creation through deployment to production.
- Static Application Security Testing (SAST) of the platform's containers, software packages, and code is conducted with each software build.
Network & System Hardening Standards
- Persefoni implements its application infrastructure and network configurations with guidance from industry-leading security standards such as NIST Cybersecurity and CIS Level 2 frameworks.
- Persefoni maintains and executes security baseline requirements for each layer of the platform architecture.
Principle 3: Train and Educate on Security Repeatedly
- All Persefoni employees and contractors undergo security awareness and data privacy training upon hire and annually thereafter.
- All Persefoni employees and contractors undergo criminal background checks before starting at Persefoni.
- All Persefoni Engineering personnel undergo secure development + OWASP 10 training upon hire and annually thereafter.
- Informal security awareness training is conducted every two weeks during Persefoni all company meetings.
Principle 4: Align and Comply with Industry Security & Privacy Standards
- Since Personally Identifiable Information (PII) is not required for carbon accounting calculations, Persefoni stores and processes very limited PII. Only users’ first name, last name, business email address, and IP address are stored in order to support authentication, logging, and audit requirements.
- Further to the shared data security responsibility principles, Persefoni specifically requests that customers do not upload other PII to the CMAP.