In this article, we will describe the security practices and policies with regards to your data within FlyData. If you have any questions on what happens to the data in transit through the FlyData Cloud and how we protect your data, then this article is for you!
# Data In-Transit
Whether you are using FlyData Direct or the FlyData Agent, we use standard OpenSSL, based on a 2048-bit RSA key using 256-bit AES Encryption. All communications outbound to services such as Amazon S3 or Amazon Redshift use the AWS SDK, which has encryption enabled by default. If you are using the Agent, the Agent will work with our frontend service to determine the best cipher and hash algorithms available on both sides. The frontend service is configured to disable known unsafe ciphers.
# Data at Rest
FlyData will buffer your data on our servers for a period of time in order to:
- Perform transformations
- Prepare the data for S3 and Redshift
- Protect against endpoint service outages
While any buffered data is not encrypted for performance, the storage of the data is for a very short period of time unless there are extended endpoint service outages. The data processing servers are not exposed to the public network at any given time, and access to them is restricted to FlyData Operations personnel using 2-factor authentication.
# Infrastructure Access
Access to the FlyData Infrastructure is restricted to FlyData Operations through 2-factor authentication over a VPN tunnel, which uses a standard OpenSSH key infrastructure.
FlyData complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. FlyData has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view FlyData certification, please visit http://www.export.gov/safeharbor/.