Secure System Architecture
GO7 PSS is a web-based system. No installation is required. Our team is responsible for system maintenance, software updates, performance monitoring, and more.
Web-based system
We support all major browsers and operating systems. There’s no need for any installations, as the system is web-native. This means you won’t require virtual instances or remote desktops; you can access and work with the system anywhere.
GO7 PSS uses a robust database engine that is managed online and backed up by multiple database instances with high scalability.
We utilise Amazon Web Services (AWS) to ensure high scalability with a fleet of 15 servers. Amazon Elastic Compute Cloud (Amazon EC2) is the critical component, offering a secure and resizable computing capacity in the cloud. This service simplifies web-scale cloud computing for developers. For more information, visit https://aws.amazon.com/ec2.
Disaster recovery plan
- GO7 PSS Infrastructure is rolled out in 2 different availability zones, allowing a sophisticated DRP.
- Data is backed up to the DRP every 5 minutes.
AWS takes responsibility for safeguarding the infrastructure that supports all services in the AWS Cloud. This infrastructure encompasses hardware, software, networking, and facilities that underpin AWS Cloud services. Learn more about this shared responsibility model at https://aws.amazon.com/compliance/shared-responsibility-model/.
To ensure email delivery quality for your customers when using MailChimp, we employ external SMTP servers. You can find more information at https://mailchimp.com/.
GO7 PSS is GDPR-ready and certified as an organisation prepared to comply with GDPR requirements. We act as your data processor, ensuring GDPR compliance as needed.
Our payment infrastructure within the system is PCI compliant, meeting the standards and requirements for secure payment processing.
GO7 PSS uses 256-bit encryption with premium SSL to protect sensitive information in transit between the airline and GO7 servers.
Firewall and Elastic Load balancers
- Only authorised personnel, and only from specific locations, can access services other than the HTTP port.
- Internal servers are not connected to the internet and are accessible only via VPN to specific authorised personnel.
Web application firewall
- All information passed to and from our servers is protected by a very secure layer called a “Web Application Firewall”.
- With this type of protection, all packets of information are inspected on a separate firewall before reaching GO7 servers.
- This helps protect us (and customers’ websites) from the following attacks:
– DDoS (distributed denial of service) attacks
– Bad bots
– Remote file inclusions
– SQL injection
– Cross site scripting
– Illegal resource access
– Backdoor attacks
- We use a service called Incapsula, which is a web-based WAF. This means that once someone tries to attack another website, you are also protected, as the service learns far more effectively than standalone protection, which needs to be updated and patched on a daily basis.
- Incapsula’s Web Application Firewall protects against the most critical web application security risks, such as SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 threats. Security experts behind Incapsula’s service ensure optimum protection against newly discovered vulnerabilities to prevent disruption to your application and improve website performance.
Trend Micro Deep Security
GO7 PSS uses the Trend Micro Deep Security product on all servers, which provides the platform with:
- Defence against network and application threats, leveraging proven host-based network security controls like intrusion detection and prevention (IDS/IPS).
- Protection against potential attacks, instantly shielding vulnerable applications and servers with a ‘virtual patch’ until a workload can be replaced.
- Server lockdown, so that only authorised processes can run, with application control for Windows and Linux.
- Safeguards that keep malware such as ransomware off workloads, ensuring that servers and applications are protected.
- Identification of suspicious changes on servers, including registry settings, system folders, and application files that shouldn’t change.
- GO7 developers follow OWASP guidelines and are certified by an external company. We complete training yearly.
- GO7 conducts security checks on the system yearly to check for vulnerabilities.
- GO7 updates servers regularly to ensure they have the latest patches.
Storage is kept at 20 server locations worldwide, so if customers in the UK request information, their closest server will serve them static information to improve security and efficiency in data transmission.
- Hourly backup procedure – Incremental backup for bookings
- Daily backup procedure
- 5 min interval MS-SQL mirroring between several servers
- Every 15 minutes between availability zones.
- S3 (AWS) Bucket backup
Besides 24/7 monitoring of AWS Cloud facilities, we use 4 additional monitoring services:
- Datadog – GO7 PSS uses Datadog to actively monitor server performance, such as CPU, memory usage and network usage.
- GO7 PSS uses “Raygun” for code and system performance monitoring, giving us real-time monitoring of customers’ errors. The error rate for 2017 was 0.0001% errors per transaction performed in the system.
- Host Monitor application installed on a server – monitors SQL services, HTTP and intrusion detection – system alerts are sent by SMS and e-mail to our technicians 24/7.
- “Statuscake” external monitoring service – monitors all websites and services for uptime from a different location (independent monitoring service) – alerts managed by our NOC, e-mail, and a weekly report sent to GO7 management.