Amplify API Management Platform security white paper

This paper describes Axway's Amplify API Management Platform architecture and the security features and controls it provides to protect enterprise data at the user, device, and data level. This document is intended to serve as an introduction and the reader is encouraged to contact Axway Customer Success for the most up-to-date best practices and deployment options.

No part of this publication may be reproduced, transmitted, stored in a retrieval system, or translated into any human or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of the copyright owner, Axway. This document, provided for informational purposes only, may be subject to significant modification.

For the most up-to-date listing of Axway product names, see www.axway.com. All trademarks used herein are the property of their respective owners.

Introduction

The trends in the industry are clear – the velocity and costs of disclosed security breaches are at the highest levels the industry has seen. Today's security and risk teams need to strike a balance between delivering business productivity and securing enterprise information.

Axway, from its inception, has had security in its DNA. With key long-established customers in banking, healthcare, government and beyond, our success is predicated on security and trust. In short, ensuring the confidentiality, privacy, integrity, and availability of customer data is our highest aim. The Axway Amplify platform delivers a highly secure hybrid cloud architecture (SaaS and Axway Managed / Customer Managed), built to meet the requirements of enterprises worldwide. It uses multiple layers of protection and defense-in-depth to ensure end-to-end protection of confidential data. In the following sections of this document, we will explain Axway's philosophy and the technology with which Amplify addresses the complex problem of security.

Background

Before diving into the specific security details of Amplify, it is important to understand the basic needs Amplify addresses for our customers. Here is some background of the overall architecture and feature set of the Amplify platform offering.

Amplify is an enterprise integration platform which allows our customers to solve integration complexity, enforce IT policy, and scale at will. Through these integrations your teams will be empowered to:

  • Stop repetitive one-off integrations, and focus on reusable integrations that can be leveraged by wider internal and external teams.
  • Gain cloud cost savings and increase scale by moving on-premises integration silos to the cloud, or by leveraging them in place with hybrid deployment.
  • Extend the value of traditional integration patterns like files, messages, and transactions through API enablement.

Amplify allows a flexible model with services hosted in the cloud connecting to private cloud and on-premise installations, meeting the varied data storage needs of our customers.

Key components of the Amplify functional architecture include:

  • A "frictionless" user experience. Amplify allows users to easily view and manage their hybrid infrastructure with a single management plane.
  • A choice of regions. Amplify Regions are the physical location where a customer's Amplify organization is tethered. Check with your Customer Success Manager for the most current list of regions. Across the regions is the Global Administrative Plane, which acts as a traffic manager to route users to the appropriate region, as well as providing aggregate views across all installations. Regions additionally provide the logic and orchestration that deliver critical enterprise features.
  • A comprehensive set of group-based security controls. Security and controls enabled at the user, team and asset level give IT the tools and infrastructure integration to deploy the solution with confidence and maintain control and visibility.
  • Enterprise-grade administration and control features. A single interface for administration, support and reporting features gives IT the tools they need to support Amplify at scale.
  • Axway Managed Cloud and Private Clouds provide flexibility to ensure security and compliance. Selected Amplify solutions may be hosted in Axway-managed or Customer-managed locations to give IT the control it needs over data storage and residency to meet internal and industry regulations for file handling and data residency. Organizations can be deployed in any of three locations. First, in a public cloud as part of your Amplify account in either the U.S., EU or other Amplify-hosted storage. Next, selected Amplify products can be deployed in a virtual private cloud hosted off-site, provided through a trusted cloud infrastructure provider but under your control. Finally, you can choose to deploy these products in a private cloud completely under your control.

Axway’s Security Philosophy

Axway has been fortunate to succeed in the software industry, for the past 20 years, because we have gained our customers' trust; trust in the capabilities of our products, and trust that Axway will act as a custodian to protect our customers from malicious attack or breaches. If we lose our customers' trust, we lose our footing as a company. Axway's highest priority is to protect the confidentiality, integrity, privacy, and availability of our customers' data. Security at Axway is designed, operated and controlled to continually assure that:

  • Axway’s infrastructures and assets are protected.
  • Customer data that are stored and processed as part of the services we provide are protected.
  • Products and services that Axway builds and sells are secured by design and tested to comply with industry-level security best practices.
  • Axway complies with data protection regulations, including EU GDPR and US HIPAA.

Axway Security Policies and Procedures: All security policies and procedures are documented as part of our Information Security Management System (ISMS) and Axway employees and contractors, acting on Axway’s behalf, are required to cooperate and support Axway’s pursuit of security and continual improvement and to adhere to the policies and procedures contained within the ISMS.

Shared Responsibility

Axway and its cloud technology partners are responsible for the physical infrastructure and network security of the application instances. In addition, Axway endeavors to provide services that are "secure by default", but it is the responsibility of our customers to ensure that these services are used in a secure manner. Imagine if you hired a home builder to provide you with a secure, state of the art home. You wouldn't want to leave the keys to the front door underneath the doormat. This analogy is especially true with infrastructure and services, because you are only as strong as your weakest vulnerability. The table below outlines some of these responsibilities:

AMC allows additional flexibility in application-level controls and network controls over SaaS, though the installation and maintenance of those items is the responsibility of Axway.

Security / Defense in depth

Defense in depth is the practice of implementing multiple layers of security throughout a system to help thwart an attack. If one mechanism fails, another can "step up" and prevent the attack from proceeding. There are several guiding principles for how Axway approaches enterprise-grade security outlined below:

  • Make security as seamless as possible. There are many ways to enhance security while making the user experience easy. Single Sign On (SSO) is an obvious approach to reduce user friction and keep users happy. We always look to reuse our customers' existing security infrastructure rather than replicate it.
  • Centralize policies. Use of centralized policies offers security and compliance without requiring users or IT to take extra steps.
  • Protect by enabling (and monitoring). Ironically, sometimes the best way to secure a process is to not lock it down but allow it to happen with the proper controls and IT reporting in place. When users go to consumer products, data is at risk and IT doesn't even know about it. Meaningful and automatic reporting gives IT a way to manage the unmanageable.
  • Trust but verify. There is a veritable alphabet soup of certifications and attestations that cloud vendors can go through. We will go through the process of gaining relevant certifications.
  • Security, privacy, and compliance should not interfere with user experience. It is not only possible to build security features and controls that don't create friction for users, but they can also enhance user productivity.
  • Be as restrictive or permissive as your business demands. Every organization has varying requirements for security and compliance. IT administrators and security professionals should be able to fine-tune security policies and controls to meet the needs of their business and their users.
  • Security features don't matter if users go around them. Consumer-grade cloud services have created huge risk for enterprises. The only way to mitigate this risk is to give users consumer-grade experiences that make their jobs easier, while still complying with enterprise-grade security requirements. And if IT does not meet these needs, users will go around them.
  • All content is not created equal. While SaaS is the future, storing data in the cloud is only one of several deployment options for cloud applications. We believe organizations should have flexibility in where data is stored. Furthermore, centralized policies that are completely invisible to the user should automate how and where data is stored.

Identity & Access (How you access your data)

As with anything that needs to be secure, the first step is to verify identity. Many attacks start with a hacker impersonating a trusted user or system, so it is extremely important to take extra measures to ensure an identity is highly vetted before being verified. Once identity is established and trusted, additional safeguards are required to limit access to only allowed resources. The following sections detail Axway's stringent approach to implementing the appropriate mitigating security controls.

Authentication

  • Single Sign On (Active Directory or any SAML-based authentication). Authentication can be completely delegated to the customer's AD/LDAP by leveraging federated identity management for authentication. With a customer-managed SAML identity provider, users no longer enter their Amplify username and password to access Amplify on the desktop, the web, and mobile devices. Instead, they leverage their existing corporate credentials to log in and, in many cases, do so in a completely transparent way with absolutely no forms to fill out.
    • Since authentication is delegated to secure, authorized servers outside of Axway's control, Axway servers are never privy to corporate passwords; authentication credentials remain squarely in the control of the corporate system.
    • Organizations can take control of their passwords by implementing strong password policies, password expiration timeframes, and repeat-use policies using their existing authentication infrastructure.
    • The web browser client (platform.axway.com) uses a cookie-based token with appropriate inactivity timeouts.
    • Multi-factor authentication—Using a SAML identity provider (IdP), Amplify supports multi-factor authentication such as one-time-passwords, Touch ID on mobile devices, smart cards, PKI certificates, and similar technologies. Customers not using an IdP can still take advantage of MFA options natively provided in the Amplify Platform. 
  • Account lockout on multiple failed authentication requests. User accounts are temporarily locked after multiple consecutive unsuccessful login attempts.

Authorization

Once a user's identity is established, additional controls are necessary to limit access to data and systems. When one enters a bank, they do not suddenly gain access to the vault, cashier drawers or others' safety deposit boxes; instead, the bank has implemented many controls limiting that person's access to only those services that they are authorized to use. Axway seeks to set a high bar to protect our customers’ data and systems at every step. Amplify has implemented the following processes and controls to guarantee appropriate authorization is granted for access to specific data and system functions:

  • Role-Based Access Controls: Amplify offers a variety of delegated roles that deliver role-based access controls (RBAC) to provide granular security controls. These roles include the account owner who by default is the Global Admin. This Global Admin role has a wide range of controls over the account, its policies and settings, as well as the users, devices and data under management. As a best practice, Global Admin accounts should be as few as possible. You can read more about Role Based Access at Amplify Support. There are multiple types of roles available:
    • Platform Roles: a role that applies to all the capabilities of the platform and is mutually exclusive. You can only have 1 platform role, such as Administrator. This role can be different for each organization of which you are a member.
    • Service Roles: roles that are specific to a capability such as Amplify Central or Flow Manager. These roles are not mutually exclusive. A member can for example have one role in Amplify Central and three roles in Flow Manager for a specific organization. 
    • Team Roles: roles that define what a user is allowed to do with the assets of a team. Part of the team roles are mutually exclusive and part of them are not.
  • User management. Easily manage user account setup and support.
    • Access user accounts to support users and access content.
    • Delete or suspend user accounts.
  • Team management. Set policies that enable deployment to user groups at scale.
  • Free account restrictions. If users in your organization attempt to self-provision an account on Axway's website using their corporate email address, Amplify recognizes that the domain matches yours, blocks the user from self-provisioning and routes the user to your pre-configured IdP.

Apps & Data Security (How your data is managed)

The Amplify architecture allows for flexibility in where data is stored and processed.

 

Data Segregation

The Amplify logical architecture is composed of several primary components, organized into planes:

  • Administrative Plane: The administrative plane holds items such as organizational info, user records and roles, with cross-control-plane visibility into aggregated usage and metrics views. This data is mostly public or lightly sensitive, including people's first names, last names, and the general org structure someone could discern from public information. Passwords are either stored in a company IdP, or Axway stores them according to security best practices.
  • Control Plane: The control plane manages the operation of the data plane and holds information such as app management and configuration data. Data could contain keys, configurations, and some secrets, but generally not extremely sensitive or restricted data unless it is transmitted as part of logs/records sent to the control plane.
  • Data Plane: The data plane is the processor of data based on control plane rules and contains the potentially most sensitive data. Customers may not wish to have this data go outside their VPC or on-premise infrastructure. The Amplify primary infrastructure is multi-tenant, but depending on the product, the customer may have additional options for providers (including dedicated, separated hardware and/or self-managed instances) when it comes to both Axway Managed Cloud and private hosting options.
  • Management Plane: We combine the administrative and control planes into a conceptual "management" plane that encompasses the complete control and operation of various, federated data planes.

Regional and local storage of data is recognized as extremely important to customers for both business and compliance reasons. Amplify allows for data storage in a variety of configurations to meet these varied needs.

Amplify meets the needs for various compliance standards (including GDPR, HIPAA and others) via regionalized or managed/private cloud storage while connecting to a global administrative plane holding a bare minimum of organization metadata to facilitate management and visibility objectives.

Data Retention

Data is deleted when customers have stopped using the Amplify platform (following our retention / backup policies), or as necessary to comply with specific data processing directives (e.g., GDPR). Data retention policies are flexible, based on customer needs and requirements. Specific options for what types of data are retained and deleted on which schedule can be found in product-specific white papers.

Data Redaction

Selected products offer customizable data redaction policies to comply with your specific data redaction needs.

Data Regionalization

Taking the global view above and focusing on a single region: during the onboarding process, a new organization chooses a region for SaaS storage of data. Depending on the products selected, additional connections may be made to either Axway managed cloud or private cloud installations located in an area of the customer's choosing. This flexible model can meet the needs of multiple regulatory or compliance obligations. All connections are made via encrypted transport mechanisms.


Tenant Segregation

This section only applies to the multi-tenant capabilities within the Amplify API Management Platform and does not apply to Axway Managed Cloud and Private Hosting options. Axway recognizes that additional considerations need to be addressed in multi-tenant configurations. Options for both data isolation and guards against tenant interference are available.

Data Isolation

Amplify allows for the segmentation and separation of one tenant’s data from another tenant’s:

  • The SaaS management / control plane is shared
  • Data and data processing are isolated according to customer preference and requirements, depending on type of product and deployment flexibility
  • Data processing may happen in other regions in line with Data Regionalization directives

Tenant Interference

Over-consumption of one set of resources by one customer can negatively impact others. We address this via:

  • quotas on resource consumption
  • rate limiting to prevent bursts
  • elastic scaling of resources

Data Privacy

GDPR, CCPA, HIPAA and other regulatory frameworks protect privacy rights and give users control over their data. This area is evolving rapidly!

  • Privacy Shield Frameworks are now defunct
  • Replacements are Standard Contract Clauses (SCC) and Data Processing Agreements (DPA)
  • Processes in place for data privacy law adherence, including the “right to be forgotten”

Axway recognizes that requirements can come from a variety of internal and external sources. Most privacy laws do not require data to be stored in-country, but businesses may have other requirements or constraints. Amplify can adapt to meet these varied situations.

Encryption

Amplify adopts a multi-pronged approach to security, encrypting data both while in motion and while at rest.

  • Data is encrypted during transit via TLS 1.2+ connections
  • Data is encrypted at rest 
  • Sensitive data (secrets, passwords, etc.) are stored using industry recommended best practices
  • Data are stored on encrypted volumes
  • Database snapshots are also stored encrypted
  • Customers may choose to have private network connections created between clusters for additional transport security.

Key Management

Encryption keys are securely stored and regularly rotated. Certain services and products also allow for customer-managed keys (CMK). Please see individual product documentation for more information.

Password / Secrets Handling

  • Secure password storage. For non-SAML accounts, Amplify enforces a minimum length and complexity on user-generated passwords and the credentials are compliant with industry recommended best practices (e.g., as recommended by NIST). The password is never stored by Amplify for authentication purposes.
  • Runtime secrets, such as database passwords, are stored as Kubernetes secrets, with encryption at rest.
  • Customer secrets, such as API keys, are stored in our database instance, encrypted at rest with a key stored as a runtime secret, and transmitted via an encrypted connection.


Physical Access Control

Authorized staff must pass authentication to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. For items hosted at a trusted cloud provider (CP), the CP only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When a CP employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of the CP.

Reporting

Amplify provides multiple views into your usage across the platform to allow for actionable insights on your organization's interactions.

  • Usage dashboard. Get a snapshot of activity within the platform so you can monitor overall usage.
  • User access reports. Audit a user or asset to see what was done.
    • Meet compliance requirements for tracking changes and access to an asset.
  • Report access. Download data and metrics in CSV or other file formats.

Network Security

Among the many attack vectors that exist today, the network layer with its myriad touch points and integrations is of paramount concern. Amplify has been designed, with forethought, to mitigate these risks with a holistic approach to network security. It is important to provide security at every point along your data's journey. A good security implementation requires multiple layers of security, similar to how you might protect valuables at your home. At your home, you might employ surveillance cameras, a door lock, a barking dog and perhaps a safe. This same layered concept has been implemented within Amplify, but at the most stringent and comprehensive levels. 

Network Separation

Virtually all cyberattacks rely upon the network as the substrate for their attack vectors. To mitigate this risk Amplify isolates and separates customer instances (non-multi-tenant environments) and introduces security countermeasures, such as multi-factor authentication (MFA) and the usage of bastion nodes to prevent direct access to protected resources. In addition, Axway maintains isolation between customer environments using the following technologies and techniques:

  • Host instance isolation for dedicated Cloud Services customer implementations: Customers are configured with dedicated/separate computing instances, which include applications, storage repositories, and operating system environments.
  • Network controls: The infrastructure is designed such that no customer environment has direct network access to another customer environment.
  • Separation of Axway operational/management systems: Axway security and management tools have dedicated virtual private networks which provide greater isolation of customer systems.
  • VPCs: Axway utilizes VPCs to leverage secure networking between Axway operational staff and Cloud Services infrastructure. VPCs are also utilized for customer environments for additional network security controls including isolation of traffic to and from public and internal subnets.
  • Cloud Infra Providers - Dedicated Instances / Dedicated Hosts: For selected customers and customers with applicable contracts, Axway also provides physical isolation from other customers using Dedicated Instances/Hosts, which provide physically separate infrastructure from other cloud accounts.

Domains & Certificates

Amplify SaaS services have an auto-assigned URL under a centralized domain name, and the customer may then redirect their traffic using their DNS infrastructure to that service.

In the event the Customer or one of its partners requests the usage of an SSL certificate from a certificate authority (CA), Axway may provide one or more certified certificates to the Customer for the exclusive use of these Axway services. The default offering is to provide self-signed certificates. Certificates provided by Axway are the exclusive property of Axway. Unless explicitly requested by the Customer three months in advance, the certificates are automatically renewed per the duration or period of validity until the end of the contract.

Network Firewalls

The platform infrastructure for our SaaS and AMC services provides protection against the following issues:

  • Man-in-the-middle attacks (MITM)
  • Distributed Denial of Service Attacks (DDoS)
  • IP Spoofing
  • Port Scanning
  • Packet Sniffing

Additionally, Axway operates a network intrusion detection system (NIDS) to monitor and react to identified issues.

For customers with additional security concerns, direct, private connections between components (both cloud-to-cloud and cloud-to-ground) can be facilitated.

Axway can provide optional dual VPN tunnels to connect the Customer network to the Axway Managed Cloud Service. This service includes monitoring of the VPN link to detect issues on the line. Axway is responsible for the connection point to the Axway infrastructure (SLA). Axway is not responsible for the customer or partner connection point or the availability of the network (internet / extranet) between the customer / partner and Axway. The technical setup is limited to the configuration of the VPN on the Axway side. The customer is responsible for the configuration of the VPN link in its IT infrastructure. The VPN connection is made over the Internet.

Hybrid Connectivity

Amplify relies on agents to provide communication and translation between the Amplify management plane and the control plane of the enterprise environment. The connections from the agents are outbound only, and agents establish secure outbound connections to Amplify via HTTPS and SOCKS protocols. Amplify manages configuration for the agents. This model allows for faster reaction to changes in the ecosystem, and tighter integration with CI/CD processes.

API Firewalling

All applications are installed behind an industry-standard firewall, which is patched on a monthly basis. All access is controlled by Axway Access Control Lists and deployed in a protected DMZ. Firewalls are placed at strategic choke points throughout the architecture of solutions. Each customer environment is deployed into individual Virtual Private Clouds, strictly segmented from other environments. For the Amplify SaaS platform, the DB has its own security group and its own network segment. It does not receive any traffic from outside the dedicated customer VPC. We have strict security rules which allow only nodes from the application cluster to make connections to the database. All DB nodes are part of different availability zones (AZ).

All network devices are installed within a secure perimeter, physically accessible only to authorized personnel, and implemented with appropriate logical security. Where relevant to SaaS services deployed inside the Amplify cloud, there are very strict policies when it comes to interacting with customer data. Axway’s underlying trusted cloud infrastructure providers keep their "virtual endpoints and devices" separate from the customers' infrastructure.

Security Management

Audit / Logs

Audit logs contain enough information to allow for source identification of potentially malicious behavior. Significant changes are tracked and reviewed on a continuous basis. Retention of audit and log data follows the customer's subscription preferences and regulatory compliance (where applicable).

For managed cloud customers, third-party tools and/or manual review can be performed as desired to analyze the log data. The Axway solution can create and deliver the logs required to power these. For the SaaS components, product audit logs are processed, and anomalies reviewed by operations on-call engineers.

Audit logs can be signed before they are written to a file or database to ensure their integrity. Access to logs is dependent on where they are written and who has access to the infrastructure. For SaaS components, the logs are read-only and maintained in an encrypted storage location.
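One way to get the tamper evidence described above, shown as an added example (not Axway's implementation and not code from this paper): each record carries an HMAC-SHA256 over its content and the previous record's signature, so an edited or deleted record breaks the chain. The chaining scheme, field names, key and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "previous signature" for record 0

# Constructed demo key. A real deployment would load this from a secrets
# manager or KMS and keep it away from the hosts that write the log.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_record(key: bytes, prev_sig: str, seq: int, event: dict) -> str:
    """HMAC over canonical JSON of (seq, previous signature, event)."""
    payload = json.dumps(
        {"seq": seq, "prev": prev_sig, "event": event},
        sort_keys=True,
        separators=(",", ":"),
    ).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append_signed(log: list, key: bytes, event: dict) -> dict:
    """Sign the event before it is written, chaining it to the last record."""
    prev_sig = log[-1]["sig"] if log else GENESIS
    seq = len(log)
    record = {"seq": seq, "event": event,
              "sig": sign_record(key, prev_sig, seq, event)}
    log.append(record)
    return record


def verify_log(log: list, key: bytes, expected_count=None) -> list:
    """Return a list of (position, problem); an empty list means intact.

    expected_count is a record count kept outside the log (for example
    reported to a separate system). Without it, removal of the newest
    records cannot be detected from the log alone.
    """
    problems = []
    prev_sig, next_seq = GENESIS, 0
    for pos, rec in enumerate(log):
        if rec["seq"] != next_seq:
            problems.append((pos, "sequence gap"))
        expected = sign_record(key, prev_sig, rec["seq"], rec["event"])
        if not hmac.compare_digest(expected, rec["sig"]):
            problems.append((pos, "bad signature"))
        # Continue from the stored values so one bad record is pinpointed
        # instead of every later record also failing.
        prev_sig, next_seq = rec["sig"], rec["seq"] + 1
    if expected_count is not None and len(log) != expected_count:
        problems.append((len(log), "record count mismatch"))
    return problems


def build_sample_log() -> list:
    """Four constructed audit events, signed and chained."""
    log = []
    for event in (
        {"actor": "admin@example.com", "action": "user.login"},
        {"actor": "admin@example.com", "action": "role.assign",
         "target": "dev@example.com", "role": "Developer"},
        {"actor": "dev@example.com", "action": "apikey.create"},
        {"actor": "admin@example.com", "action": "user.suspend",
         "target": "dev@example.com"},
    ):
        append_signed(log, SAMPLE_KEY, event)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_log(log, SAMPLE_KEY))
    log[1]["event"]["role"] = "Administrator"  # simulated after-the-fact edit
    print("edited:", verify_log(log, SAMPLE_KEY))
```

An HMAC proves integrity only to holders of the key; where reviewers must verify logs without being able to forge them, an asymmetric signature would replace the HMAC in `sign_record`.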


By default, the solution is configurable to limit the size of logs and to retain only a certain number of logs, such that the disk should not fill up. You can also configure open logging off-box to ensure this does not occur. In SaaS environments, scaling will occur as required.

Alerting

All host systems within the Axway Cloud Services environment and Axway network are configured to collect, and then transmit security relevant events to a single repository, which then has all events analyzed by the system. In addition, a Host-based Intrusion Detection System (HIDS) is installed on all hosts to alert to suspicious, malicious or noncompliance events. The HIDS is configured to automatically notify personnel through the capabilities native to the event monitoring solution. This solution monitors system performance utilization, access and activity events, and unauthorized intrusion attempts.

There are a vast number of security alerts that we can report on. Examples include:

  • Throttle limits (transaction/time or bandwidth/time) per user, IP, or any other contextual identifier. These can also be configured per instance, cluster, API, or any other contextual piece.
  • HTTP status codes, such as 403 (Forbidden) or 404 (Page not found) attempts that might indicate a stolen credential.
  • Attempted code, database, etc. injections
  • Virus detection (via third-party tool integration), inclusion of sensitive/personal data (such as SSNs), inclusion of key words in messages.

For capabilities deployed in a private hosting environment, alerts can be sent via local syslog, remote syslog, email, SNMP, AWS SNS, Windows Event Logs, and more. For SaaS components, alerts can be set up against user audit logs accessible via REST API, but system logs are not directly accessible.
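The first two alert types listed above (throttle limits per contextual identifier, and bursts of 403/404 responses), shown as an added detection example over audit events; it is not Axway's code. The event fields, thresholds and sample events are assumptions constructed for illustration, and no Amplify API is called.

```python
from collections import defaultdict, deque, namedtuple

Alert = namedtuple("Alert", "ts rule key count")

DENIED_STATUSES = (403, 404)

# Constructed sample events (ts = seconds). IPs are documentation ranges.
SAMPLE_EVENTS = [
    {"ts": 0,   "user": "alice", "ip": "192.0.2.10", "api": "/orders", "status": 200},
    {"ts": 30,  "user": "alice", "ip": "192.0.2.10", "api": "/orders", "status": 200},
    {"ts": 70,  "user": "alice", "ip": "192.0.2.10", "api": "/ordres", "status": 404},
    # One client sending 7 requests in 7 seconds.
    *[{"ts": 100 + i, "user": "svc-batch", "ip": "198.51.100.7",
       "api": "/orders", "status": 200} for i in range(7)],
    # One account receiving denials while alternating between two addresses.
    {"ts": 200, "user": "bob", "ip": "192.0.2.44", "api": "/admin", "status": 403},
    {"ts": 210, "user": "bob", "ip": "192.0.2.45", "api": "/audit", "status": 404},
    {"ts": 215, "user": "bob", "ip": "192.0.2.44", "api": "/admin", "status": 403},
    {"ts": 220, "user": "bob", "ip": "192.0.2.45", "api": "/keys",  "status": 403},
]


def scan(events, identifier, window_s, throttle_limit, denied_limit):
    """Sliding-window detection keyed on any event field.

    identifier      field to group by ("user", "ip", "api", ...)
    window_s        window length in seconds
    throttle_limit  alert when requests in the window exceed this
    denied_limit    alert when 403/404 responses in the window exceed this
    Each rule fires once per key and re-arms after the count drops back
    to the limit, so a sustained burst produces one alert, not one per event.
    """
    requests = defaultdict(deque)   # key -> timestamps of all requests
    denied = defaultdict(deque)     # key -> timestamps of 403/404 responses
    armed = defaultdict(lambda: True)
    alerts = []

    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev[identifier]
        rules = (
            ("throttle", requests[key], throttle_limit, True),
            ("denied_burst", denied[key], denied_limit,
             ev["status"] in DENIED_STATUSES),
        )
        for rule, window, limit, counts in rules:
            if counts:
                window.append(ev["ts"])
            # Drop timestamps that have aged out of the window.
            while window and window[0] <= ev["ts"] - window_s:
                window.popleft()
            if len(window) > limit:
                if armed[(rule, key)]:
                    alerts.append(Alert(ev["ts"], rule, key, len(window)))
                    armed[(rule, key)] = False
            else:
                armed[(rule, key)] = True
    return alerts


if __name__ == "__main__":
    for field in ("user", "ip"):
        print(field, scan(SAMPLE_EVENTS, field, window_s=60,
                          throttle_limit=5, denied_limit=3))
```

Grouping by `user` reports both the throttle breach and the denial burst; grouping by `ip` misses the burst because it is spread over two addresses, which is why the identifier is configurable.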

Compliance 

Certifications and Audits: Axway maintains several certification programs and is audited annually by reputable external companies on security standards including:

  • SOC 2 Type 2, SOC 3
  • ISO 27001, ISO 9001
  • NIST 800-53 / FISMA Moderate
  • FedRAMP Ready (Syncplicity only)
  • Privacy Shield, GDPR, HIPAA: Amplify has the necessary controls and safeguards to securely handle data on behalf of our customers.
  • ITIL v3
  • BSIMM
  • Common Criteria
  • FIPS 140-2: The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government security standard that specifies the security requirements for cryptographic modules protecting sensitive information. To support customers with FIPS 140-2 requirements, Amplify VPN endpoints operate using FIPS 140-2 validated hardware.

AWS and Azure both carry additional certifications including:

  • SOC 1 (SSAE16), SOC 2 Type 2, SOC 3: Amplify cloud storage and orchestration layers utilize SSAE16 SOC1 Type II, SOC2, and SOC3 audited data centers.
  • BSI C5
  • CSA STAR
  • ISO 27001, ISO 27017, ISO 27018
  • PCI DSS Level 1
  • ISO 9001
  • FedRAMP (Moderate, High)
  • ITAR
  • CJIS, FIPS, NIST

More information can be found at https://aws.amazon.com/compliance/ and https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/.

Axway is also regularly audited by many of our customers. We respond to these audits seriously and value the feedback from our customers. The audit findings are remediated by Corrective Actions, entered in our CAPA management system, and we work with our customers to develop agreeable action plans to make any improvements needed with our processes.

Other Compliance Programs: In parallel with our Security Management Program, Axway has an active Quality Management Program, driven by the requirements of ISO 9001:2015. Axway maintains certification for ISO 9001 that covers our Customer Success Organization (Technical Support, Professional Services, Managed Cloud Services).

See https://www.axway.com/en/customers/axway-quality-and-security-compliance for additional information.

Security-as-a-Service

For interested Axway Managed Cloud customers, Axway can also provide additional security monitoring and reporting options. Security-as-a-Service is a suite of add-ons to provide continuous security monitoring and third-party validation so that customers can integrate Axway Cloud into their security and governance program.

Reliability & Resiliency or “Business Continuity”

Availability - regions

Amplify Services are distributed across multiple regions, and across multiple availability zones within a particular region. Availability zones are constructed as discrete, independent data centers with high-speed network sufficient to allow for synchronous replication. In the unlikely event of a full region outage, a separate disaster recovery plan is put in place to resurrect the platform in a new region.

Monitoring

Automated Monitoring: Activity Monitoring of key processes assures the achievement of SLAs. Moreover, the appearance of bottleneck situations can be identified and addressed before they impact the service. As part of the Axway continuous process improvement strategy, automated routines for monitoring are being continually enhanced. Axway employs alerting mechanisms to ensure that errors are addressed promptly.

Manual Monitoring: Automated monitoring will be verified by manual inspections of the application and regular inspection of the solution according to Axway operations checklists. The contents of these lists are based on:

  • the consumed service and associated terms and conditions
  • the customer activity topology

The contents of these lists are updated based on:

  • changes and new services
  • new releases of any component of the service

Any event detected by proactive monitoring triggers creation of a ticket and the incident management process. 

SLA

Axway Managed cloud customers with an optional Disaster Recovery (DR) service will have a separate DR environment for their solution. This service is intended only in the case of a major disaster and cannot be treated as a backup solution. Customers with no DR option in their contract and those in the Public Cloud model will be subject to best efforts to restore the service in case of a major disaster. If Axway cannot successfully complete the DR test within the SLA indicator, Axway will analyze the root cause and perform another test within 60 days after the first test.

The Amplify Platform is subject to the SLA options as laid out in the official documentation. See additional documentation here: https://www.axway.com/en/legal/contract-documents/support-and-sla

Product Updates

Multi-tenant platform updates are tested and released as part of a continuous deployment process, with potentially disruptive updates scheduled during pre-determined maintenance windows. Managed cloud customers may elect to have separate deployment environments, which lets them schedule updates at a time that is convenient for them and allows pre-release testing of new product versions in a staging or testing environment to identify any potential changes before the application version goes live in their production cluster.

Disaster Recovery

Axway maintains a formal Business Continuity Plan (BCP) which is regularly tested. The BCP is presented as a guide for management and technical staff related to Axway’s Business Continuity Management strategy and Disaster Recovery programs in the event of an unanticipated interruption of normal operations. The objective of the BCP is to define direction and approach to minimize the impact to Axway’s business and Axway’s customers. The BCP outlines the process for the activation of the DR, notification of key personnel, and steps for the recovery of mission-critical services and network facility infrastructure.

Axway believes having data centers in multiple zones and parts of the world provides better Disaster Recovery, if and when needed. Axway architects its managed cloud solution to take advantage of the Cloud Infrastructure Provider’s Multi-Availability Zone capability. This capability allows the database to be replicated in a second data center in real time with at most a 5-minute data lag. However, Axway's solution can provide a full disaster recovery data center and related infrastructure in a geographic region separated from the primary data center for an additional fee, such that:

  • It is located on a separate power/utility grid.
  • It leverages a separate primary network/internet trunk.

The Amplify Platform is hosted primarily in the US, utilizing multiple availability zones to guard against potential outages. This deployment houses global system components and small amounts of administrative data and aggregated usage metrics. Customers using either Amplify Central or Integration Builder may choose either a US-based or EU-based location. These deployments also utilize multiple availability zones in case of disaster. Axway Managed Cloud customers will additionally have a separate installation that connects to these platform services as appropriate for their use case.

Axway acknowledges that information security plays a critical role within the organization and for its customers. Therefore, information security continuity is fully integrated within Axway’s Business Continuity Plan. The Security Office has multiple team members, any of whom may be called upon to fulfill the responsibilities of the Security Office during a disaster. Axway’s Security Office is embedded into all phases of business continuity and disaster recovery planning, testing and execution. Multiple Security Office team members are included in the business continuity and disaster recovery planning and implementation process.

Backup Strategy

Axway Cloud Services maintains documented policies and procedures for backing up the Cloud Services environment, including backing up customer data stored within Axway Cloud Services platforms. Configuration of backups of Cloud Services environments as well as the validation of backups is part of standard operating procedures for Axway Cloud Services and involves scheduling, maintaining, auditing, and testing backups. The success or failure status of all backup jobs is reported to Axway event monitoring systems, which enable Axway to centrally monitor the status of all backup processes and take appropriate action when necessary. Backups are stored on encrypted volumes which provide durability and availability for backup snapshots. Access to Cloud Services backup data is limited to administrative staff that possess a job responsibility requiring access. Access is further controlled by Cloud Infra Provider’s Identity and Access Management tools which require unique accounts and dual-factor authentication.

Incident Response and disclosure (Security information and event management)

Axway also has communication channels to immediately notify Privacy and Security Incident Response Team (PSIRT) members in the case of a critical security event such as a likely data breach; in such cases PSIRT members are notified 24x7. The Axway Security Office follows up on all incidents to ensure they are fully documented and action plans are addressed. Axway Cloud Services are integrated with several software tools to monitor all production networks and alert the Operations on-call engineer to issues and anomalies.

Support Coverage

Both the Axway Operations Center and Axway Cloud Operations are staffed 24x7, 365 days per year. The Axway Cloud Operations team will maintain and monitor the platform assuring availability for use 24 hours per day, 7 days per week, 365 days per year. All systems are proactively monitored to minimize downtime, with regular test transactions sent to assure performance and continuous operation of all key components.

Information Security Program

Hackers and security attacks are constantly evolving and becoming more sophisticated; this will never cease. For this reason, Axway continuously evaluates its security posture and has implemented a program allowing us to remain proactive and aware of the constantly changing landscape of security.

Security in R&D (SSDLC)

Secure Software Development Lifecycle: Axway continually examines security tools and methodologies. Our SSDLC methodologies and processes include concepts developed by BSIMM (Build Security-In Maturity Model) and OWASP OpenSAMM (Open-Source Software Assurance Maturity Model). Axway’s SSDLC defines security gates to be reached by each Axway product before being released to our customers. Axway Product Security Group (PSG) is a Secure Software Center of Excellence embedded in the R&D organization. Axway PSG works with Security Champions embedded within each R&D team to ensure each product meets the security objectives.

Our security controls include:

  • Security of communication protocols and OWASP best practices
  • Threat modeling
  • Third-party / Open-Source Software Composition Analysis (SCA)
  • Attack surface analysis
  • Dynamic Application Security Testing (DAST)
  • Static Application Security Testing (SAST)
  • Container security analysis
  • Manual pen-testing

This is reflected in our Continuous Security Pipeline methodology of software development. From first code commit to production deployment, software must pass multiple bars and gates along the way to ensure that it meets both quality and security standards before release.

Developer Security Training

Axway developers undergo constant training to reinforce security topics, using commercial training platforms and in-house developed classes and materials, including: 

  • Mandatory "White Belt" Training completed by all developers covering a wide spectrum of Application Security topics
  • Supplemented by internal security education workshops
  • Bi-Annual training to keep skills current
  • Advanced “Blue Belt” Certification for developers
  • Hands-on Programming Challenges, Assessments, and Tournaments

Open-Source Contributions

Axway is a participant in the Building Software in Maturity Model (BSIMM) Group, and Axway Security Engineers are recognized contributors to Open Web Security Projects (OWASP).

Security in operations

Once the code is deployed into production, there are multiple tools used to validate security. Axway’s monitoring platform provides operational staff with high-level dashboards to provide overall metrics on system performance and trending for any security events. As alerts, preconfigured dashboards, and reports are collected, they are systematically reviewed at regular audit intervals (daily, weekly, and monthly). Alarms are configured to alert operations teams when early warning thresholds are crossed for key operational and performance metrics. Axway has 24x7x365, on-call coverage to ensure system and security alerts are monitored consistently. Audit logs are sent to a centralized system which protects the data from tampering.

  • Vulnerability Management and Vulnerability Scanning
  • Security Incident and Event Monitoring (SIEM)
  • Security Hardening and CIS Benchmarks
  • Host Intrusion Detection (HIDS)
  • Centralized access control and Multi-factor authentication

Penetration Testing

Axway has established a comprehensive third-party penetration testing program with industry best partners. In addition to periodic third-party penetration tests, the Cloud Security Team performs internal and external vulnerability scans at least monthly against the hosting infrastructure deployed on infrastructure provided by Axway's trusted Cloud Infrastructure Providers, covering both SaaS and Managed Cloud customers. Furthermore, the Cloud Security Team leverages several cloud security tools to identify, evaluate, and remediate vulnerabilities within the infrastructure. All of the previously mentioned controls are audited annually by our third-party auditors for our SOC 2 Type 2 and ISO27001 audits. Our third-party penetration test reports are considered confidential and are generally not shared outside of the company, but with advance notice, the customer may have their own penetration test performed against Axway infrastructure.

  • Annual security penetration test conducted by a third party
  • Based on industry standard testing methodologies and latest vulnerabilities
  • All applicable issues covered by OWASP Top 10, SANS Top 20, CWE and other standards
  • NIST 800-115 Risk Assessment 
  • Planned, managed, and scheduled by Axway Security to ensure seamless execution

Additionally, we operate a responsible security disclosure program in coordination with 3rd-party auditors and security researchers.

Additional Information and Components

For further information on Amplify security controls, contact Axway sales and customer success.

May 04, 2021