Technical FAQs: Security Measures
This page provides details on the security measures used by JourneyApps.
Geographic Location of Cloud Hosting & Infrastructure-Level Security
The JourneyApps cloud-based App Back-end is available in multiple regions, and the region where your data is hosted can be configured based on where you are located. Please contact JourneyApps Support for more details on configuring the location of your hosting. The current supported regions are:
|Region||Geographic Location||Infrastructure Provider|
|United States||Virginia||Amazon Web Services|
|European Union||Ireland||Amazon Web Services|
|Asia-Pacific||Sydney, Australia||Amazon Web Services|
|Africa & Middle East||South Africa||Hetzner|
As shown above, in most regions the JourneyApps cloud-based App Back-end is hosted on Amazon Web Services Elastic Compute Cloud (EC2). In other regions (Africa & Middle East), equivalent hosting providers are used with regard to security and reliability.
Amazon Web Services provides world-class security measures and certifications for infrastructure-level security. Certifications provided by AWS include HIPAA, SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, FedRAMP(SM), DIACAP and FISMA, ITAR, FIPS 140-2, CSA and MPAA. Please consult the AWS Security Center, AWS Compliance, the AWS Security Processes Whitepaper as well as the AWS Risk and Compliance Whitepaper for more information.
Security Measures in the cloud-based JourneyApps Backend
- Data on JourneyApps servers is backed up daily.
- Back-ups are encrypted and stored off-site in a secure data centre.
- Access and security policies for JourneyApps technical staff performing maintenance on infrastructure conforms with the highest industry security standards.
- JourneyApps servers are equipped with firewalls to restrict network access.
- Servers are penetration-tested and operating system upgrades, patches and infrastructure software updates are applied on a regular basis.
- Users of the JourneyApps Backend web interface access the portal through an encrypted connection (TLS/HTTPS) and authenticate using a username and password upon access.
Mobile User Access and Communications Encryption
- All communication between mobile devices and JourneyApps servers occur over a Transport Layer Security (TLS) encrypted channel.
- The JourneyApps mobile application utilizes a secure temporary enrolment token to link itself to the JourneyApps Backend
- Mobile devices authenticate against the JourneyApps servers on each network request.
- Mobile device user profiles can be disabled on the JourneyApps Backend, which will cause the user to be unlinked from the mobile app in the JourneyApps Container (the native container app that users install on their mobile device does not contain any customer-specific code e.g. data models or business logic. Data models and business logic are downloaded and updated over-the-air once the user has been authenticated)
Further Security Measures on Mobile Devices
- Notwithstanding the communication security measures outlined above, the JourneyApps mobile application stores a subset of data locally on mobile device memory in a binary format.
- For further on-device security, we recommend configuring security-related on-device settings on mobile devices. Such on-device security settings that are available include, but are not limited to: requiring the user to authenticate using a PIN code every time when the screen is unlocked, wiping the device if a predefined number of incorrect PIN attempts are made, and encrypting the entire filesystem (if available)
- 3rd party Mobile Device Management (MDM) services can also be utilized, which enable enforcing such security policies as outlined above, remotely wiping data, remotely locating devices, and more.