Have you ever asked yourself how WorkWave hosts the applications and services that you rely on to run your business? The WorkWave Cloud Operations team would like to share some insight into how we architect our SaaS products to host nearly 100TB of customer data across a large multi-region cloud footprint. We know, and value, that as a customer you place a lot of trust in WorkWave to keep your data secure. Our cloud operations are at the forefront of that effort. Fortunately, security is the primary focus of both our cloud provider and the Cloud Operations team.

“Modern apps make security everyone’s job” - Dr. Werner Vogels, VP and CTO, Amazon

WorkWave has a long history of providing top-rated software solutions for Pest Control and Field Services providers. We originally offered self-hosted products (going as far back as the DOS days), briefly provided managed data center hosting, and quickly pivoted to cloud hosting as a long-term strategy to provide the best service and security to our customers. It takes a lot of confidence to trust your most critical business operations to a SaaS provider. We don’t expect you to sacrifice security for the benefits you gain in reduced operational costs and faster feature time to market.


WorkWave and AWS follow the cloud Shared Responsibility Model. Later in this post, I’ll describe how WorkWave benefits from this model to improve our security with less effort, better standardization and reduced operational costs for you and WorkWave.

There are four key areas that the Cloud Operations team focuses on to properly secure data in the cloud:

  1. Data at rest
  2. Data in transit
  3. High Availability & Disaster Recovery
  4. Threat protection

Data At Rest

WorkWave relies on Amazon’s world-class physical infrastructure and security to ensure that all WorkWave customer data is protected against physical loss from Amazon data centers. WorkWave maintains additional controls and compliance procedures to enforce least-privilege access. Only authorized employees, following established procedures, have access to alter customer data. All access is logged and audited using AWS CloudWatch, and the logs are ingested into our monitoring and operations data cluster.

Protecting your data against malicious actors is only part of the job; WorkWave also leverages other cloud features that make it easy to protect against data loss. All data is stored on redundant storage volumes using Elastic Block Store (EBS). EBS offers 99.999% availability and annual failure rates of 0.1%-0.2%. The possibility of a data loss event every 500 years is good, but WorkWave takes additional steps to prevent data loss. We replicate data to secondary servers in real time, giving us the ability to quickly restore access to WorkWave applications and your data in the event of a failure. We perform full backups to a fully redundant backup service every night, offering further protection against significant failure events. All of this is made simple through the egalitarianism of the cloud.

“Every company, large or small, has access to the same servers, databases, storage, mobile services and analytics tools.” - Dr. Werner Vogels, VP and CTO, Amazon

The same level of care goes into protecting your documents. Documents are stored in Amazon’s S3 object storage service. S3 is used by the majority of content producers and application service providers on AWS. We use this service because of its simplicity, security, and reliability. The reality is that reliably storing all of your documents without S3 would require significantly more resources and achieve lower reliability. We are instead able to allocate those resources to improving the products you rely on.

All of these technical details mean that your data is safe with WorkWave.

Data In Transit

Web browsers and search engines are aggressively educating users that HTTP is insecure, forcing websites to improve their security to maintain page rankings and eliminate in-browser security messages. At WorkWave we transmit all data using encrypted protocols such as TLS/SSL. WorkWave uses cloud services like Amazon Route 53, Let's Encrypt and other industry-standard tools to maintain high HTTPS TLS/SSL security ratings for sites like workwave.com, pestpac.com and others. You can be sure that data in transit between our servers and your web browser is secured using the latest industry standards.

Disaster Recovery

The true power of the cloud is the ability to easily scale to match the growth of our customers. Just as important, the cloud significantly streamlines the ability to design for failure and to recover from disasters. WorkWave hosts redundant servers and takes advantage of managed AWS services whenever possible. All services are hosted in multiple physical locations to protect against loss of a single availability zone (data center). When a failure occurs, we have automated monitoring and tools to remove malfunctioning servers from our server farms. Our application load balancers are highly performant and reliable, and they allow the Cloud Operations team to scale our infrastructure in minutes instead of the weeks or months it took in pre-cloud days.

Preparation, planning, and training allow WorkWave to use the cloud to its fullest potential to build reliable and redundant systems that are resilient to common failure scenarios.

“We don’t rise to the level of our expectations, we fall to the level of our training.” - Archilochos

Underlying all cloud servers is a physical machine. Servers will fail, and when they do, our infrastructure is built to tolerate the failure or we execute prepared procedures to recover in minutes.

Threat Protection

A highly available and scalable application is not valuable if it doesn’t also protect against external threats. Fortunately, cloud providers are rapidly delivering tools that make both their own services and WorkWave’s more secure. Our defense-in-depth approach means that we integrate cloud-native intrusion prevention and detection systems like AWS WAF, AWS GuardDuty and AWS Inspector into our infrastructure to make it easier to log, identify, automatically block and protect against external threats. Amazon offers native DDoS protection with AWS Shield. All of these tools once required dedicated teams to implement, monitor and operate. With the power of these cloud services, we are able to devote those resources to threat identification and protection.

Threat protection is an arms race. Attackers are always developing new attack vectors and exploiting new vulnerabilities, but WorkWave has the resources of our cloud provider behind us to keep current with the latest threats against our infrastructure and your data.

“History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.” — Bruce Schneier, “Why Cryptography Is Harder Than It Looks”

This topic requires a more in-depth review, which we hope to bring to you in a future blog post.

About the Cloud Operations Team

WorkWave has embraced the cloud because it gives us the ability to scale, standardize and take advantage of the benefits of the vast R&D resources of our cloud provider. In the above diagram, WorkWave applications make up a small piece of the overall infrastructure. The tooling that protects your data is baked into how we build infrastructure at WorkWave.

We encourage you to research cloud solutions, including our provider, Amazon AWS, to better understand the services we utilize as well as for your own knowledge development.

The Cloud Operations team has earned 10 AWS certifications and counting, including several Cloud Solutions Architect Professional-level certifications. This number continues to grow as the team extends itself into new areas of cloud enablement. This means better, more secure and more reliable services for you.

Jason Thompson

Director, Technology Operations

jthompson@workwave.com

workwave.com

Author

Jason is the Director of Technology Operations at WorkWave.