This article reviews the following information:
- IT Management
- Infrastructure Security
- Data Security
- Application Security
- Application Development Best Practices
- Human Resources Security
- Infrastructure Disaster Recovery & Business Continuity
IT Management
Limelight manages its IT services internally.
Cloud Hosting
Limelight uses Amazon Web Services (AWS) as its cloud-hosting provider.
Physical / Environmental Security
Limelight does not manage physical infrastructure. Limelight uses the Amazon Web Services (AWS) cloud platform to host the application; physical and environmental security is therefore managed by Amazon.
Details are available in the AWS Security Whitepaper, page 5, section “Physical and Environmental Security”.
Compliance & Attestation
SOC1 / SOC2
AWS is SOC1 and SOC2 compliant; more information on AWS SOC compliance is available from AWS's SOC compliance page.
If a SOC1 / SOC2 report is required, please contact Limelight to retrieve a copy of the confidential report.
For Limelight Platform, the confidentiality, availability and integrity of information are of great value, and we have taken extensive measures to protect information. We therefore follow the information security question catalogue of the German Association of the Automotive Industry (VDA ISA). The assessment was conducted by an audit provider, in this case the TISAX audit provider DQSBIT. The result is retrievable exclusively through the ENX portal: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults.
On behalf of the VDA, the ENX Association uses TISAX (Trusted Information Security Assessment Exchange) to support the common acceptance of information security assessments in the automotive industry. TISAX assessments are conducted by audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for the general public.
TISAX is a registered trademark and is governed by the ENX Association.
Infrastructure Security
Standard Server Hardening Configuration
- Servers are configured using a configuration manager, from base images
- All the latest packages are installed
- All ports are blocked, except for those required for communication with other servers
- Inbound internet access is blocked, except where required
- All SSH access is only allowed from a local bastion
- The root user is blocked from SSH access. Sudo access is allowed for specific users, with a restricted set of commands
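The SSH-related items in the list above (key-only access, root blocked, access only from a bastion, per-user restriction) can be checked mechanically against an sshd_config. The following is an added example written for this page, not Limelight's tooling or configuration: both sample configs are constructed, the bastion address 10.0.1.5 is an assumption, and the parser follows sshd's own rules (keywords are case-insensitive, the first occurrence of a single-valued keyword wins, and directives after a `Match` block are conditional, so parsing stops there).

```python
import re

# Constructed sample configs (not Limelight's real configuration). The first
# follows the hardening list above: key-only login, no root over SSH, and users
# bound to connections arriving from the (assumed) bastion host 10.0.1.5.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers deploy@10.0.1.5 ops@10.0.1.5
"""

WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers deploy
"""

# Keywords whose values accumulate across lines instead of "first occurrence wins".
LIST_KEYWORDS = {"allowusers", "allowgroups", "denyusers", "denygroups"}


def parse_sshd_config(text):
    """Return {keyword: value(s)} using sshd_config semantics: case-insensitive
    keywords, first occurrence wins for single-valued keywords, list keywords
    accumulate, and parsing stops at the first 'Match' block."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # sshd accepts 'Key value' or 'Key=value'
        keyword = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            break
        if keyword in LIST_KEYWORDS:
            config.setdefault(keyword, []).extend(value.split())
        else:
            config.setdefault(keyword, value)
    return config


def audit_sshd_config(text, bastion_hosts):
    """Check a config against the hardening list. Returns a list of findings;
    an empty list means every check passed."""
    cfg = parse_sshd_config(text)
    findings = []

    # Root must be blocked outright. OpenSSH's default is 'prohibit-password',
    # which still admits root with a key, so only an explicit 'no' passes.
    root = cfg.get("permitrootlogin", "prohibit-password")
    if root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}', expected 'no'")

    # Individual SSH keys are required, so password logins must be off
    # (OpenSSH's default is 'yes').
    pw = cfg.get("passwordauthentication", "yes")
    if pw.lower() != "no":
        findings.append(f"PasswordAuthentication is '{pw}', expected 'no'")

    # Every allowed user must be bound to a bastion source (user@host form);
    # a bare username would accept that user from any address sshd can see.
    entries = cfg.get("allowusers", [])
    if not entries:
        findings.append("AllowUsers is not set; SSH is not limited to named users")
    for entry in entries:
        _user, sep, host = entry.partition("@")
        if not sep or host not in bastion_hosts:
            findings.append(f"AllowUsers entry '{entry}' is not restricted to a bastion host")
    return findings


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED_SSHD_CONFIG), ("weak", WEAK_SSHD_CONFIG)):
        result = audit_sshd_config(text, {"10.0.1.5"})
        print(f"{label}: {'PASS' if not result else 'FAIL'}")
        for finding in result:
            print("  -", finding)
```

The `AllowUsers` check is a second layer on top of the security-group or firewall rule that actually blocks non-bastion traffic; the point of auditing both is that a mistakenly widened firewall rule then still does not expose password or root logins.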
Network Encryption (Encryption In-Transit)
Supported TLS cipher suites (OpenSSL names):
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- AES128-GCM-SHA256
- AES128-SHA256
- AES256-GCM-SHA384
- AES256-SHA256
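The OpenSSL names above encode the key exchange, authentication, bulk cipher and hash of each suite, and two properties follow directly from them: suites with an `ECDHE` prefix use an ephemeral key exchange and so give forward secrecy, while the four names without a prefix use static RSA key transport and do not; suites containing `GCM` are AEAD, while the `SHA256`/`SHA384` suites without `GCM` are CBC mode with an HMAC. The following added example (written for this page, not Limelight's code) decodes the listed names, groups them by those two properties, and builds the colon-separated cipher string that nginx, HAProxy and Apache accept, filtered to the suites that meet a chosen bar. It handles only the naming shapes that appear on this page.

```python
from dataclasses import dataclass

# The twelve suites listed above, as OpenSSL cipher-suite names.
LISTED_SUITES = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES128-SHA256",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA384",
    "AES128-GCM-SHA256",
    "AES128-SHA256",
    "AES256-GCM-SHA384",
    "AES256-SHA256",
]


@dataclass(frozen=True)
class SuiteProfile:
    name: str
    key_exchange: str      # ECDHE, DHE, or RSA (static RSA key transport)
    authentication: str    # RSA or ECDSA
    bulk_cipher: str       # e.g. AES128-GCM or AES128-CBC
    hash_alg: str          # HMAC hash for CBC suites, PRF hash for GCM suites
    forward_secrecy: bool  # ephemeral key exchange?
    aead: bool             # authenticated encryption (GCM) vs CBC + HMAC


def parse_openssl_suite(name):
    """Decode an OpenSSL suite name of the shapes used on this page:
    [ECDHE|DHE]-[RSA|ECDSA]-AESnnn[-GCM]-SHAnnn or AESnnn[-GCM]-SHAnnn.
    A name with no key-exchange prefix means static RSA key transport."""
    parts = name.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        kx, auth, rest = parts[0], parts[1], parts[2:]
    else:
        kx, auth, rest = "RSA", "RSA", parts
    if len(rest) not in (2, 3) or not rest[0].startswith("AES") or not rest[-1].startswith("SHA"):
        raise ValueError(f"unsupported suite name: {name}")
    aead = "GCM" in rest
    bulk = rest[0] + ("-GCM" if aead else "-CBC")
    return SuiteProfile(name, kx, auth, bulk, rest[-1], kx != "RSA", aead)


def audit_suites(names):
    """Group suites by the two properties a reviewer checks first: whether the
    key exchange gives forward secrecy and whether the record layer is AEAD."""
    profiles = [parse_openssl_suite(n) for n in names]
    return {
        "no_forward_secrecy": [p.name for p in profiles if not p.forward_secrecy],
        "cbc_with_hmac": [p.name for p in profiles if not p.aead],
        "pfs_aead": [p.name for p in profiles if p.forward_secrecy and p.aead],
    }


def openssl_cipher_string(names, require_forward_secrecy=True, require_aead=False):
    """Build a colon-separated OpenSSL cipher string, keeping (in the given
    order) only the suites that satisfy the requested properties."""
    kept = []
    for n in names:
        p = parse_openssl_suite(n)
        if require_forward_secrecy and not p.forward_secrecy:
            continue
        if require_aead and not p.aead:
            continue
        kept.append(n)
    return ":".join(kept)


if __name__ == "__main__":
    for group, members in audit_suites(LISTED_SUITES).items():
        print(f"{group}: {', '.join(members)}")
    print("forward secrecy only:", openssl_cipher_string(LISTED_SUITES))
    print("forward secrecy + AEAD:", openssl_cipher_string(LISTED_SUITES, require_aead=True))
```

Keeping the non-ECDHE suites is a compatibility choice for old clients; the trade-off is that a later compromise of the server's RSA private key would allow recorded sessions negotiated with those suites to be decrypted, which the ECDHE suites prevent.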
Database Encryption (Encryption At-Rest)
The Limelight platform uses the database encryption supported by Amazon Web Services (AWS) RDS, which applies AES-GCM encryption with randomly and uniquely generated 256-bit secret keys.
Network Security Appliances / Applications
Network security is provided through AWS services: AWS Shield, and intrusion detection and prevention (IDS/IPS) on AWS EC2.
Access Control & Management
Access to infrastructure requires individual SSH keys, and is only available through secure protocols (e.g. SSH). Access permission is controlled on a per-user basis: only a restricted set of users have access to production systems, and only a subset of those users have write access.
User access history and activities within the servers, including the installation of any packages or applications, are also logged and monitored.
Monitoring
Production and Test Environments Segregation
Data Security
Personal Identifiable Information (PII)
Encryption
Data Retention
Data Segregation
Application Security
Access Control
Password Rules & Encryption
- Minimum length of 8 characters, no maximum
- Minimum of 1 uppercase and 1 lowercase character
- Minimum of 1 numeric character
- No blank spaces
- Must not contain the user's username
- Must not contain common words such as “password” or “test”
Additionally, there is an optional, configurable password-expiry policy: each client may set the number of days after which a user's password expires and the user is forced to update it.
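The rules above translate directly into a validator that reports every rule a candidate password breaks, so a user can fix all of them at once rather than one per attempt. The following is an added example written for this page, not Limelight's application code: the case-insensitive substring checks and the "expired once the password is at least N days old" reading of the expiry policy are assumptions the page does not spell out, and the banned-word list holds only the two words the page names.

```python
from datetime import date, timedelta

# The common words named on this page; a deployment would use a longer list.
DEFAULT_BANNED_WORDS = ("password", "test")


def validate_password(password, username, banned_words=DEFAULT_BANNED_WORDS):
    """Apply the password rules listed above. Returns the list of violated
    rules; an empty list means the password is acceptable. Substring checks
    are case-insensitive (an assumption, not stated on the page)."""
    violations = []
    if len(password) < 8:
        violations.append("minimum length of 8 characters")
    if not any(c.isupper() for c in password):
        violations.append("at least 1 uppercase character")
    if not any(c.islower() for c in password):
        violations.append("at least 1 lowercase character")
    if not any(c.isdigit() for c in password):
        violations.append("at least 1 numeric character")
    if any(c.isspace() for c in password):
        violations.append("no blank space")
    lowered = password.lower()
    if username and username.lower() in lowered:
        violations.append("must not contain the username")
    for word in banned_words:
        if word.lower() in lowered:
            violations.append(f"must not contain common word '{word}'")
    return violations


def password_expired(changed_on, today, expiry_days=None):
    """Optional per-client expiry policy. expiry_days=None means passwords
    never expire; otherwise the password is treated as expired once it is
    expiry_days or more days old (assumed boundary), and the user must set
    a new one before continuing."""
    if expiry_days is None:
        return False
    return today - changed_on >= timedelta(days=expiry_days)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Str0ngPassphrase", "password1", "Alice2024!", "short"):
        problems = validate_password(candidate, "alice")
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
    print("expired after 90 days:", password_expired(date(2024, 1, 1), date(2024, 4, 1), 90))
    print("no expiry policy:", password_expired(date(2020, 1, 1), date(2024, 1, 1)))
```

Returning all violations at once is a usability choice, not a security one; what matters for security is that the same function runs server-side, since any check done only in the browser can be bypassed by a client that posts the form directly.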
Password Storage
Application passwords are stored as one-way bcrypt hashes. No password is stored in plain text, and passwords are never logged anywhere on the platform.