Trelliswork Operations and Security
Data Centers and Location
Trelliswork production services are hosted on Amazon Web Services’ (“AWS”) EC2 and RDS platforms. The physical servers are located in AWS’s EC2 data centers. As of this date, AWS (i) has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, (ii) is certified as a PCI DSS 3.2 Level 1 Service Provider, and (iii) undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports). Additional details about AWS’ compliance programs, including FedRAMP compliance, can be found at AWS’ website.
All user content is stored within US regions of AWS. Trelliswork’s production environment is hosted on an AWS EC2 platform. User content can also be found in Trelliswork backups, stored in AWS S3.
We do not offer customers the option of hosting Trelliswork on a private server, or of otherwise using Trelliswork on a separate infrastructure.
We maintain separate and distinct production, staging, and development environments for Trelliswork.
To access Trelliswork’s production database, authorized and trained members of Trelliswork’s Engineering team (“Authorized Personnel”) authenticate to the VPN using unique strong passwords that are decrypted using controlled private keys, and then access the production environment only via SSH terminal connections using personal RSA certificates. Those members are also trained not to replicate non-public user data stored in Trelliswork’s production environment onto their workstations or mobile devices.
AWS Network ACL and Security Groups are used to restrict access to Trelliswork’s systems as appropriate to their role. These security rules are actively monitored, with alerting mechanisms in place for any changes to the configuration.
SAML 2.0 SSO is supported for Trelliswork Enterprise customers. All customers can enable 2FA on their accounts or use Google OAuth. If SSO or OAuth is used to access Trelliswork, Trelliswork will inherit the login security settings in the user's IdP or Google account.
If logging in directly to Trelliswork using a username or email and password, Trelliswork requires a password of at least 8 characters. Repeated failed login attempts trigger a 30-second lock before a user can retry. Passwords are stored in a hashed form and will never be sent via email. Upon account creation and password reset, Trelliswork will send a link to the email associated with the account that will enable the user to create a new password.
Password complexity and session length requirements cannot be customized within the app. However, these can be set within an IdP for an SSO-enforced team.
Only Authorized Personnel have direct access to Trelliswork’s production database. Those who do have direct access to production systems are only permitted to view user data stored in Trelliswork in the aggregate.
Trelliswork maintains a list of Authorized Personnel with access to the production data environment. Trelliswork also maintains a list of personnel who are permitted to access Trelliswork code, as well as the development and staging environments. These lists are reviewed quarterly and upon role change.
Upon role change or leaving the company, the production credentials of Authorized Personnel are deactivated, and their sessions are forcibly logged out. Thereafter, all such accounts are removed or changed.
Trelliswork’s production services are hosted on Amazon Web Services’ (“AWS”) EC2 platform. The physical servers are located in AWS’ secure data centers. We require that production critical data is never to be stored by those with privileged access on physical media outside of our data hosting provider's production environments. See above for information on AWS’ compliance programs.
Trelliswork uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web, desktop, iOS, and Android apps and the Trelliswork servers. There is no non-TLS option for connecting to Trelliswork. All connections are made securely over HTTPS.
Data drives on servers holding user data use full disk, industry-standard AES encryption with a unique encryption key for each server. User photos are stored in Amazon’s S3 service. Photos are encrypted using Amazon S3 server side 256-bit AES encryption. The encryption, key management, and decryption process is inspected and verified internally by Amazon on a regular basis as part of their existing audit process. All Trelliswork backups are encrypted with AES-256 encryption.
Encryption keys for Trelliswork user files, stored in S3, are managed by Amazon. The encryption, key management, and decryption process is inspected and verified internally by Amazon on a regular basis as part of their existing audit process.
Customer Data Isolation
Trelliswork users share a common cloud-based IT infrastructure. As such, we have measures in place to ensure that user and organization data are logically separated so that the actions of one user (and associated enterprise workspace) cannot compromise the data or service of another.
Trelliswork has built a concept of User and Workplace Context (UWC) throughout the compute and data storage layer of our IT infrastructure, achieving logical isolation of our customers. This is implemented in the logical layer of all data transactions within Trelliswork to ensure:
- Each workspace’s data is kept logically segregated from other workspaces when at-rest
- Any requests are filtered through a user AND workspace specific filter so other workspaces are not impacted, and the extent of a user’s influence is contained to workspaces to which they have been granted access.
Generally, this is achieved by storing UWC for all data, and then referencing that context for any logical operation. The context for each user and workspace is associated with a unique ID stored centrally, and includes a range of metadata (such as personal profile information and workspace administrator settings). When a user accesses Trelliswork, the application logic layer uses this ID to collate that metadata, which is then linked with any operations the user undertakes in the application throughout their session.
The context provided by the UWC effectively acts as a filter through which any interactions with customer data occur, and this filter is always confined to one specific workspace. This ensures that one customer workspace does not access the data of another workspace, and that one user cannot affect the service of another workspace through their own actions.
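The sketch below is an added illustration of the context-as-filter pattern described in this section; it is not Trelliswork's code. The table names, the UWC class, resolve_context and ScopedStore are hypothetical, and the rows are constructed sample data.

```python
import sqlite3
from dataclasses import dataclass

@dataclass(frozen=True)
class UWC:
    """Hypothetical user-and-workspace context bound to one session."""
    user_id: int
    workspace_id: int

class AccessDenied(Exception):
    pass

def make_db():
    # Constructed sample data: user 1 belongs to workspace 1, user 2 to workspace 2.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE membership (user_id INT, workspace_id INT);
        CREATE TABLE item (id INTEGER PRIMARY KEY, workspace_id INT, body TEXT);
        INSERT INTO membership VALUES (1, 1), (2, 2);
        INSERT INTO item (workspace_id, body) VALUES (1, 'ws1 plan'), (2, 'ws2 plan');
    """)
    return db

def resolve_context(db, user_id, workspace_id):
    """Build a context only if the user was granted access to the workspace."""
    row = db.execute(
        "SELECT 1 FROM membership WHERE user_id = ? AND workspace_id = ?",
        (user_id, workspace_id)).fetchone()
    if row is None:
        raise AccessDenied(f"user {user_id} not in workspace {workspace_id}")
    return UWC(user_id, workspace_id)

class ScopedStore:
    """Data access layer: every statement carries the context's workspace_id."""
    def __init__(self, db, ctx):
        self._db, self._ctx = db, ctx

    def list_items(self):
        rows = self._db.execute(
            "SELECT id, body FROM item WHERE workspace_id = ?",
            (self._ctx.workspace_id,))
        return rows.fetchall()

    def update_item(self, item_id, body):
        # The workspace predicate makes another workspace's item id match zero rows.
        cur = self._db.execute(
            "UPDATE item SET body = ? WHERE id = ? AND workspace_id = ?",
            (body, item_id, self._ctx.workspace_id))
        return cur.rowcount
```

Because callers only ever receive a ScopedStore built from a resolved context, no code path can issue a query without the workspace predicate, which is the property to test for when reviewing a multi-tenant data layer.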
Development, Patch and Configuration Management
All changes to the Trelliswork production system, be they code or system configuration changes, require review prior to deployment to the production environment. All changes to Trelliswork’s code are tested in a staging environment prior to deployment to production. Updates to the Trelliswork web client are deployed on a rolling basis, usually several times per week. Trelliswork production servers are managed via a centralized configuration system. All Trelliswork system changes are peer reviewed and updates are deployed as relevant to their level of security and stability impact.
We restrict access as noted above and maintain separate lists of relevant roles with access to source code, development, staging, and production environments. These lists are reviewed quarterly and upon role change. We use source code management tools and repositories.
All Trelliswork API calls and application logs are kept for our internal purposes for at least 45 days without sensitive information (no full user tokens, no user generated content). They are available only to authorized employees as required by their role for monitoring of Trelliswork to ensure service availability and performance and to prevent abuse.
Application logs for Trelliswork are centrally collected in AWS CloudWatch for a minimum of 45 days for monitoring and analysis.
Data entered into Trelliswork is backed up regularly. All backups are encrypted and stored at multiple offsite locations to help ensure that they are available in the unlikely event that a restore is necessary.
Files uploaded to Trelliswork as profile photos are not backed up on the same schedule, and instead rely on Amazon S3’s internal redundancy mechanism.
Trelliswork database backups are immediately encrypted with 256-bit AES encryption. Encrypted backups can only be decrypted by members of the Trelliswork operations team who have received training and have been authorized to decrypt the backups.
A rolling live replica of Trelliswork’s primary database is constantly being synchronized in our standby database. Additionally, a full backup snapshot of the primary database is taken once every 24 hours.
Security Awareness and Confidentiality
Security awareness and user data access policies are covered during our employee onboarding as appropriate to the role and employees are updated as relevant policies or practices change. Our employees also sign a confidentiality agreement.
In the event that a security policy is breached by an employee, Trelliswork reserves the right to determine the appropriate response, which may include termination.