Data, as defined by Pellustro, consists of the following:

  • Customer Input Data: Data generated by the user while creating, managing and individually responding to assessments.
  • System Generated Data: Data generated by the application for client-specific assessment data and MIS reporting.
  • Logs: Data generated by the various software and application packages used for hosting, including the Pellustro application itself. Logs are generated at various levels, i.e. web server logs, application-level logs, process logs and authentication logs.
  • Codebase: Collection of source code that is used to build Pellustro including configuration files and email templates.


License Partitioning

Pellustro uses a multitenant architecture, in which the application serves multiple clients and partitions its data based on the license information of each customer.

User Type Access

At its core, Pellustro allows role- and license-based access control to the Pellustro Web Application.

Note: Pellustro Clients do not have direct access to Pellustro Logs. Clients may submit a request to obtain relevant logs for investigation or troubleshooting purposes.

Encryption

Pellustro does not store any user credentials. Pellustro users are authenticated through the Auth0 provider. In Auth0, passwords are hashed with bcrypt.

For all AWS Elastic Block Store (EBS) volumes attached to a supported Amazon Elastic Compute Cloud (Amazon EC2) instance type, the data stored at rest on the volume, disk I/O, and snapshots are encrypted using AWS Key Management Service (KMS). The encryption occurs on the servers that host Amazon EC2 instances.

Pellustro protects data in motion over the network and at rest in persistent storage. Support for TLS allows clients to connect to MongoDB over an encrypted channel.

Backups

Pellustro identifies the following files for S3 archival:

  • Nginx Logs
  • Application Logs
  • System-generated logs, including reports and trend data
  • Pellustro-Auth0 authentication log
  • Pellustro Database logs (hosted in mLab)

A backup of the files is taken daily using our automated scripts. Files include: log files, configuration files, index files, the license file and customizations.

  • Daily backups are stored for 30 days
  • Backups are encrypted and stored in a separate segment in the data center

Amazon S3 to Amazon Glacier Archival log access details

Storage: Identify all S3 objects for archival that meet the 30-day criterion.

Archival: Every day, S3 evaluates the lifecycle policies for each S3 bucket and archives objects in Glacier as appropriate.

Retrieval: As part of the access log request, the Pellustro Support team specifies a retention period in days. It generally takes 3 to 5 hours to restore an object. The restored object will remain in both Glacier and S3’s Reduced Redundancy Storage (RRS) for the duration of the retention period. At the end of the retention period the object’s data will be removed from S3; the object will remain in Glacier.
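The Storage, Archival and Retrieval steps above can be modelled offline. The following is an added example, not Pellustro's own configuration or scripts: the dictionaries follow the shape of S3's lifecycle and restore request bodies, while the rule ID, the `logs/` prefix, the function names and the sample object keys are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Rule in the shape S3's lifecycle configuration API accepts. The ID and the
# "logs/" prefix are assumptions; the 30-day threshold comes from the text.
LIFECYCLE = {"Rules": [{
    "ID": "archive-after-30-days",
    "Status": "Enabled",
    "Filter": {"Prefix": "logs/"},
    "Transitions": [{"Days": 30, "StorageClass": "GLACIER"}],
}]}

def due_for_archival(objects, config, now):
    """Keys an enabled rule would move to Glacier as of `now`.
    Simplified: real S3 rounds the transition time up to the next midnight UTC."""
    due = set()
    for rule in config["Rules"]:
        if rule["Status"] != "Enabled":
            continue
        prefix = rule.get("Filter", {}).get("Prefix", "")
        for transition in rule["Transitions"]:
            cutoff = now - timedelta(days=transition["Days"])
            due.update(
                o["Key"] for o in objects
                if o["Key"].startswith(prefix)
                and o["StorageClass"] == "STANDARD"  # skip already-archived objects
                and o["LastModified"] <= cutoff)
    return sorted(due)

def restore_request(retention_days, tier="Standard"):
    """RestoreObject request body: temporary S3 copy kept for `retention_days`."""
    if retention_days < 1:
        raise ValueError("retention period must be at least one day")
    if tier not in ("Expedited", "Standard", "Bulk"):
        raise ValueError(f"unknown retrieval tier: {tier}")
    return {"Days": retention_days, "GlacierJobParameters": {"Tier": tier}}

def restored_copy_expiry(restored_at, retention_days):
    """When the temporary S3 copy is removed; the Glacier archive remains."""
    return restored_at + timedelta(days=retention_days)

# Constructed sample inventory (keys, classes and dates are illustrative only).
NOW = datetime(2024, 3, 31, tzinfo=timezone.utc)
SAMPLE = [{"Key": k, "StorageClass": c,
           "LastModified": datetime(2024, m, d, tzinfo=timezone.utc)}
          for k, c, m, d in [
              ("logs/nginx/access-02-15.log", "STANDARD", 2, 15),  # 45 days old
              ("logs/nginx/access-03-01.log", "STANDARD", 3, 1),   # exactly 30 days
              ("logs/app/app-03-20.log", "STANDARD", 3, 20),       # too recent
              ("logs/auth/auth0-01-10.log", "GLACIER", 1, 10),     # already archived
              ("config/license.json", "STANDARD", 1, 1)]]          # outside the prefix
```

Calling `due_for_archival(SAMPLE, LIFECYCLE, NOW)` returns only the two `logs/nginx/` keys, and `restore_request(7)` yields the body a support engineer would submit for a seven-day retention period.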

Data in Test Environments

Pellustro has a Demo sandbox environment that is used by the sales team to showcase the capabilities of the platform. This environment is also used by clients who have a trial license. The test data captured through this environment is leveraged by the data provisioning team, consisting of the Product Manager, SME and Business Analysts, to obfuscate and anonymize the assessment data set. The objective of the team is to provide optimal data coverage to the QA team for all the test case scenarios. Version-controlled data requirements for each release and test data ensure complete traceability and easier replication of results.