3. Instance and Network Security
Every microservice runs inside a well-defined Docker container that allows specific levels of access to select controllers. Logz.io uses Docker to avoid erroneous instance-configuration changes, upgrades, and corruption that are common sources of security breaches. Additionally, the company hardens operating systems within containers to enable various network access controls (such as iptables).
Logz.io takes all necessary precautions to ensure that every layer involved in data transfer is secured by best-of-breed technologies. The company’s network is segmented using AWS security groups, VPCs, ACLs, and additional custom measures. In addition, their threat-control center is kept up to date with security alerts that are analyzed and addressed in real-time. Through in-depth network monitoring, Logz.io is able to detect anomalies and take a proactive approach to eliminating potential breaches.
4. Customer Data Security
Logz.io secures each and every step of the data funnel by provisioning dedicated data stores for each individual customer, ensuring full data-segregation. Data is tagged, segregated, and tunneled through the company’s data-ingestion system. They mark each specific piece of given customer data according to its associated organization, which is associated with that data throughout its life cycle. When data is in transit in Logz.io’s ingestion pipeline, it is marked with specific information, including its associated customer, so that it can only be accessed by that customer. The company supports SSL encryption for data in transit, so customers can securely upload their data to the Logz.io cloud and securely browse through their own Logz.io console. Cold data is encrypted and hosted in separate Simple Storage Service (S3) buckets, which are secured via durable AES 256-bit encryption.
In addition, Logz.io continuously tracks and maintains the location and state of their customers’ data. That way, when the company retires an operating system, for example, and decommissions the related machine, Logz.io is sure to wipe clean any informational residue that may have been left behind before returning the machine to AWS. Disks are specially formatted to ensure that data recovery is not possible at a later point in time.