Circuit Stream Platform FAQ
What encryption are you using on stored data?
The data will be stored in a database provided by Amazon Relational Database Services. As such, the database will be encrypted using AES-256, as detailed in their documentation. Internal cloud connections to the DB will be done over SSL.
If you want to get a jump start on creating VR and AR, work with the best instructors from the industry, and gain valuable skills to develop your own VR/AR apps, we believe the course is right for you!
How are you encrypting the data as it is being transmitted between the point of origin and your data center/instance?
The transfer of data is safeguarded on two principles:
1. Private Key Encryption and HTTPS
Per Circuit Stream's Security Policy of using private key cryptography, anyone who will setup or use the cloud servers will have to use a private key encryption and HTTPS (secured web pages). Data between the client and the cloud is sent using a RESTfull API over standard HTTPS protocol. Since we control both endpoints, we can ensure that everything is kept up to date with the latest security patches.
2. Amazon Web Services (AWS)
AWS encrypts and guarantees high levels of security. When using AWS we will always take the highest level encryption security tier. All data is restricted to and backed-up in the U.S. West 2 geographic region.
Do you have logging enabled to see who has accessed our data as part of your confidentiality agreement? Is the information ever audited?
Amazon Web Services has an extensive access right management system called IAM. It is fine grained to enable role-based access, i.e. developers may access the DB metadata (for debugging, upgrades etc.), but not the data itself. Any direct access to the raw data will be restricted to essential personnel who are trained in IT security.
On the client side, access to the data is controlled exclusively through user management provided by the application, and as such is under control of the client.
All cloud DB accesses will be logged and audited using AWS CloudWatch service.
Is our data “co-mingled” with other customer data or is it stored separately?
We use a separate AWS database instance per customer - it allows for better scaling and control than a single database.
If you have a data breach do you have a response plan that involves notifying your customers of the potential loss of intellectual property?
- 1. Change all passwords relevant to the incident.
- 2. Contact the customer by phone call first then email within 90 minutes.
- 3. Contact all relevant stakeholders by email within 24 hours.
- 4. Take immediate and appropriate next steps to resolve the incident.
Contact Circuit Stream with more questions
You're welcome to apply and book time for a phone call with our admissions team here, or send any questions to firstname.lastname@example.org.