Hosting Environment
Terra Dotta provides hosting services using servers and data center facilities provided by Amazon Web Services (AWS). Our US clients are housed in the AWS US-East-1 Region, which utilizes data centers located in Virginia. AWS is a worldwide leader in providing scalable, fully redundant, and secure cloud computing infrastructure to provide highly reliable services to businesses.
Terra Dotta utilizes a variety of services/infrastructural components from AWS, including but not limited to:
- Application load balancers
- Elastic Compute Cloud (EC2) Instances (virtualized servers)
- Security Groups (providing hardware-level firewalling capabilities)
- S3 storage for fully AES256 encrypted backups
Information regarding AWS and their security and compliance posture may be found at: https://aws.amazon.com/compliance/data-center/controls/.
Reporting on Controls
Terra Dotta Hosting Services are delivered using AWS cloud computing based in Virginia, USA. AWS certifies SOC 2 and SOC 3, which are available on the AWS website.
Software and Data Storage Configuration
Each hosted account is set up with a separate database and file-system storage. The web application is instantiated from a shared code root. Customer information is segregated in application memory. No server-level access is granted to any customer except in separate, protected file directories over an SSH connection via SFTP or SCP (no shell access provided).
Backup, Recovery, and Availability
Terra Dotta's hosted systems are backed up nightly, including database, user media files and application code, using CommVault enterprise networked backups, both within the local data center and to a remote mirror site. A weekly backup is shipped to secure AES256-encrypted cloud storage (Infrascale SOS Online Backup) outside of our data center. Recovery procedures will vary depending on the nature and severity of any critical event involving loss of data or hardware.
The Software and the Site will be available for normal use at least 99.7% of the time, 24 x 7 x 365, excluding scheduled maintenance.
Security
On all hosted production websites, user-authenticated areas are protected by encrypting transacted information over HTTPS, using either Terra Dotta wildcard SSL certificates or SSL certificates provided by the customer (by customer request). The required bit-length of SSL certificates is 4096 bits.
Data files for student information systems (SIS), HR, or other data integration purposes are transferred to and from Terra Dotta servers via SSH using SFTP or SCP, which are industry-standard, secure protocols for file transfer. Uploaded data files are accessed, processed, and then deleted from the account-restricted SSH receiving folders.
Terra Dotta uses Bitvise WinSSHD as our SSH server. The customer may choose any compatible SSH client for their connection. The recommended and preferred method for authentication is by shared key, which must be provided to Terra Dotta from the client software.
Our network and cyber assets are additionally protected by AWS GuardDuty, AWS Inspector, CrowdStrike Falcon, and CrowdStrike SIEM, all of which help us identify and respond to threats and scan for system vulnerabilities.
Software Support
Terra Dotta is responsible for performing all software installs and updates to hosted installations. This includes the server operating system, database software, ColdFusion, Terra Dotta software, and all hot fixes, patches, and version upgrades.