Cities and mobility providers trust Remix with their transportation-related data. We are serious about keeping data secure. This page details how we protect our platform, the data it stores, and the people that depend upon it.
APPLICATION AND DATA CENTER SECURITY
6 September 2019
All of the application infrastructure for Remix is currently managed by Amazon Web Services (AWS) and Heroku, a subsidiary of Salesforce. All data is stored in data centers managed by Amazon. These data centers have received ISO 27001 and SOC certifications, Federal Information Security Management Act (FISMA) Moderate Authorization, and accreditation from the U.S. General Services Administration.
More on Heroku’s security policy
Sensitive data is ingested, processed, and stored in an isolated, secured environment in AWS, referred to as a partner data account. Aggregation is done within the partner data account, and only the aggregated data leaves it. The isolated account requires additional steps for Remix developers to access, including a written approval process and specialized training.
NETWORK SECURITY MONITORING
Our cloud providers and our centralized logging and alerting system provide intrusion detection capabilities that alert us to suspicious and malicious behavior. The feeds include information from network events, internal-system events, and vulnerability / threat intelligence feeds.
SECURE DATA TRANSFER
Our APIs and web front-ends are all configured to use the latest TLS version, check for a valid, signed, domain-specific certificate and use a strong set of cryptographic protocols. Our encrypted-by-default philosophy also means that we don't support fall-back to unencrypted communications (e.g. https -> http).
We classify data according to type and sensitivity and use that classification to define which systems are authorized to access and store different types of data. The data sensitivity classification is used in the risk assessment process to determine the appropriate level of security controls.
DATABASE ACCESS CONTROLS
Remix has a policy to limit direct access to databases and backups to Remix engineers. Access to sensitive data is limited strictly to people who need it to do their jobs. We review access periodically and offboard people who no longer need access. Each developer has unique credentials, and 2-factor authentication is enforced.
Remix uses AWS and Heroku to store customer data and documents. These databases have network-level isolation via Virtual Private Clouds (VPCs) and access is controlled via Access Control Lists (ACLs). Our policy is to automatically deny any traffic which is not explicitly allowed to or from a database. In addition to network isolation, all data is encrypted at rest and in transit.
More on Amazon VPCs
More on Heroku Private Spaces
ROLE-BASED ACCESS CONTROL
Remix employs role-based access controls to manage access to servers containing application data. These controls are designed to require authorized employees to use individual account and authentication credentials to gain access. Remix controls access to servers and data stores through authentication handled with key-based SSH sessions. We operate on the Principle of Least Privilege, under which access to a system is granted only if absolutely required to serve a legitimate business need. Our policy is that employees only have access to data and systems they need to do their job.
Remix provides security awareness training for all employees. Remix will ensure that only authorized personnel log in and that access is removed in a timely fashion.
The Remix codebase is currently stored in GitHub and requires multi-factor authentication and team-based authorization to view or edit. All changes to the codebase are logged with the name of the person making the change, the time, and precisely which lines of code changed. All changes to code running on production servers are peer-reviewed, with specific attention paid to security, prior to being deployed. An audit trail is kept for all changes to code running in production.
All company-issued computers are deployed with password protection and encrypted hard drives.
Remix users must authenticate with an email and password. Passwords are only stored as one-way cryptographic salted hashes, and never in plain text.
Remix has formalized hiring policies and procedures, performance management, and termination practices. Access to company systems is removed as soon as possible once it is no longer needed. Remix conducts comprehensive pre-hire background checks to the extent permitted by law.
APPLICATION DEVELOPMENT SECURITY
Our developers review secure coding standards applicable to the environments, languages, and platforms they're working in. These standards may include ensuring access control of data, sanitizing input / output values, and logging violations that could indicate an attack or vulnerability.
Remix aims to be a responsible custodian of customer data, and will delete all customer data upon request or termination of Remix’s relationship with the customer.
We currently use AWS Secrets Manager and AWS Parameter Store for storing and managing all secrets in the partner data account. Secrets are automatically rotated on a regular schedule. All secrets are encrypted at rest, using signing keys managed through AWS Key Management Service, and encrypted in transit via TLS-secured connections. Access to specific secrets is restricted to the services which need access, and the Remix engineers who maintain those services.
Remix periodically brings in an external team to test our security. Assessments are based on current attack trends and verification of best practices (e.g. OWASP Top 10). Findings are reviewed and remediated by our technical teams.
It is our policy to log all actions taken by a user or a service (using a role) and to report those logs automatically to AWS CloudTrail.
Remix’s platform is designed to help cities gain insights about vehicles, fleets, and movement patterns, not to track people. Remix aims to ensure that the maps, reports, and statistics we show to our customers do not reveal the travel behavior of identifiable individuals. By analyzing and combining data about individual trips, we give cities trustworthy, auditable insights while protecting privacy. We work only with data that does not contain individual identifiers and we never attempt to re-identify individuals in anonymized data.
Our mission is to help build more livable cities. We make software tools that cities use to understand multi-modal urban transportation systems and improve safety, access to mobility, and sustainability in their communities. Where those tools incorporate mobility data, our contracts with cities and mobility companies govern our access to data and limit what we can and cannot do with it.
We get our revenue from building great technology and services. Advertising is not part of our business model, and we don’t sell individual trip data or other personal information.
We don’t directly collect trip data from riders. Remix has contractual obligations to city customers and mobility providers that govern our ability to collect, use, share, secure, and delete various data that is provided to us.