Data Security

Privacy is a concern for anyone who is asked to hand over personal details. Here at Panarome, we care about your personal safety and take the utmost care of your personal data and privacy.

Data Encryption

The Panarome device and mobile app transmit the user's location data continuously to the network. This data is encrypted using the AES-GCM algorithm with HKDF and 256-bit keys. A key is needed to encrypt or decrypt the data; these keys are managed by Amazon Key Management Service (KMS). AWS KMS owns the customer master key (CMK) and issues the data keys that are used to encrypt and decrypt the data. The data key is stored alongside the encrypted data, itself in encrypted form. When decryption is required, the encrypted data key is sent to KMS, where the master key is used to decrypt it. The decrypted data key can then be used to decrypt the data.

Data in transit, that is, data that travels over the internet, is also encrypted. Panarome uses Amazon CloudFront and API Gateway to receive customer requests (HTTP requests). These AWS services support TLS/SSL encryption with certificates managed by AWS Certificate Manager, which renews certificates automatically at no additional cost. In addition, the AWS API uses TLS/SSL to encrypt traffic and requests.

Network Security

We use AWS Shield, a managed DDoS protection service that safeguards web applications running on AWS. AWS Shield minimizes application downtime and latency through always-on detection and automatic inline mitigations. It defends against common, frequently occurring transport-layer and network-layer DDoS attacks. Additional detection and mitigation are performed against large and more sophisticated DDoS attacks, with real-time visibility into those attacks. AWS Web Application Firewall (WAF) is also integrated, which provides control over web traffic. Our team of security professionals works constantly to evaluate risk factors and implements industry best practices.

Logging and Auditing

We use AWS KMS to store the encryption keys, and the master key is stored on a remote server with limited network access.

We have also enabled CloudTrail for KMS, which records the usage of each key stored in KMS and delivers the recorded log files to specified Amazon S3 buckets. These log files contain information such as details of the user, the key that was used, and the corresponding date and time. The log files are monitored and audited regularly to find unnecessary or unwanted usage of the encryption keys.
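The audit described above can be partly automated. The following is an added example, not Panarome's own code: it reads a CloudTrail log file, keeps the KMS events, and reports key usage by unexpected principals, unexpected operations, and failed attempts. The allow-list, role names, key ARN and log records are constructed assumptions.

```python
import json

KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder
# Assumed policy: which principal may perform which KMS operations on each key.
ALLOWED = {KEY_ARN: {"location-api": {"GenerateDataKey", "Decrypt"}}}
# Constructed CloudTrail log file (top-level "Records" list); all values are samples.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T08:15:02Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "resources": [{"ARN": KEY_ARN}],
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/location-api/i-01"}},
    {"eventTime": "2024-01-10T23:41:17Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "resources": [{"ARN": KEY_ARN}],
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"}},
    {"eventTime": "2024-01-11T02:03:44Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "errorCode": "AccessDenied", "resources": [{"ARN": KEY_ARN}],
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/batch-export/s1"}},
    {"eventTime": "2024-01-11T02:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops"}},
]})


def principal_name(arn):
    """Role name for assumed-role ARNs (session suffix dropped), else the last path part."""
    parts = arn.split(":", 5)[-1].split("/")   # e.g. ["assumed-role", "location-api", "i-01"]
    return parts[1] if parts[0] == "assumed-role" and len(parts) > 1 else parts[-1]


def audit_kms_usage(log_text, allowed=ALLOWED):
    """Return (time, principal, operation, key, reason) for each suspicious KMS event."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue  # only key-usage events are in scope for this audit
        who = principal_name(rec.get("userIdentity", {}).get("arn", "unknown"))
        op = rec.get("eventName", "")
        for res in rec.get("resources") or [{"ARN": "unknown"}]:
            key = res.get("ARN", "unknown")
            permitted = allowed.get(key, {}).get(who)
            if rec.get("errorCode"):
                reason = "failed attempt: " + rec["errorCode"]
            elif permitted is None:
                reason = "principal not expected on this key"
            elif op not in permitted:
                reason = "operation not expected for this principal"
            else:
                continue  # expected principal, expected operation, no error
            findings.append((rec.get("eventTime"), who, op, key, reason))
    return findings
```

Each finding carries the three fields the log is said to contain (user, key, date and time), so it can be handed straight to whoever reviews key usage.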