Security

Earth Observing System uses leading technologies to secure data and protect user privacy. We are thus dedicated to providing you with the highest security standards.

If you find a security issue in our project, see how to report a security concern.

Infrastructure security

Our infrastructure runs inside data centers designed and operated by Amazon Web Services (AWS). AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.

Offices of Earth Observing System are equipped with access control, intrusion detection, and video surveillance systems.

Software security

According to our Change Management Policy, all of our system components run the latest stable versions of operating systems and applications. All documented threats are tracked from public security research databases (such as the Common Vulnerabilities and Exposures or Open Source Vulnerability Database catalogs). All critical security patches are installed on system components as soon as possible.

We run automated vulnerability scanners at least quarterly and after any significant changes in our infrastructure.

Our developers strictly follow secure software development requirements, including Open Web Application Security Project guidelines.

Account security

You can create an account with an email address and a strong password. We also offer two-factor authentication for logins to help you protect your account. All suspicious activity on user accounts is monitored and, if necessary, can be blocked.

DDoS mitigation

We use AWS Shield as protection against DDoS. This is a new managed service that protects our web applications against DDoS (Distributed Denial of Service) attacks. It protects from 96% of the most common attacks today, including SYN/ACK floods, reflection attacks, and HTTP slow reads. This protection is applied automatically and transparently.

Data security

All our data transmissions over public networks are protected via HTTPS. We use TLS 1.2 for secure data transfer, adding another layer of protection to the encrypted data. User data is stored in secure storage with AES-256 encryption.

User imagery

Access to all user imagery is closed from the outside by default. Users can access their images only after successful two-factor authentication.

Logging

We track and monitor all access to network resources and data. Logging mechanisms and the ability to track user activities are used to prevent, detect, or minimize the impact of a data compromise. Logs are aggregated for monitoring, analysis, and anomaly detection, and archived in secure storage. Appropriate measures are implemented to detect and prevent log tampering or interruptions.

Regular audits

Security audits, penetration tests, and network and web application vulnerability scans are conducted by qualified personnel on an annual basis and after any significant changes to our infrastructure. As a result, we regularly receive a review of our hardware, software, and physical security configurations. If we discover a vulnerability, we follow a formal incident response framework to ensure rapid threat mitigation.

Employee access

EOS team access is controlled by a carefully managed Security Policy. All team members sign non-disclosure agreements to protect your data. Employees must revalidate their credentials every 8 hours using two-factor authentication. System and session idle timeouts are also limited to 15 minutes in our system components.

We maintain an Information Security Awareness Program for employees, who regularly receive training in handling sensitive data and in avoiding social engineering and other non-technical attacks.