How Shipyard Keeps Your Data Secure?

Your Data Secure

Be it any industry or business domain, the importance of data is always high. It is generally believed that it is the power of data that drives businesses these days. The same rule applies to the shipping industry. However, it is also true that shipyards don’t store the business related data that may be beneficial to competing businesses.

Since shipyards support workflow automation, they handle sensitive data on a day-to-day basis. Most shipyards process the underlying information independently so as to reduce the theft or leakage of highly sensitive data.

A shipyard’s first and foremost priority is to keep your business data safe and secure in every possible way. For this, it takes various measures like:

  • Due to the AWS-based server infrastructure, the highest degree of cloud security is ensured.

  • Passwords are encrypted and saved using the top-notch Blowfish-based Bcrypt algorithm

  • All data is secured in transit and at rest using the RSAES-OAEP-SHA-256 algorithms with AES-256-GCM.

  • At the application level, all Blueprint and Vessel-specific settings are secured with RSA-4096 bit key types.

  • All network communication to and from the application is encrypted with TLS v1.3, the latest and safest version.

In regard to proprietary data, there are primarily three types of data that are managed and stored by shipyards – code, credentials, and output.

Code

All code is submitted to the shipyard, through AES-256 encryption, whether the code is uploaded or written directly in the UI. The Shipyard's code storage can be stopped by integrating Github Code Sync.

Credentials

As part of the Blueprint and Vessel setups, all credentials by the underlying application are encrypted in transit, using AES-256-GCM.

Output

The whole output of the code is displayed in the UI as searchable plain text and kept eternally as a safe, encrypted file on S3. Because this function determines what data is displayed, you must ensure that your script is not writing any secure data to the output. Shipyards go out of their way to make sure that Environment Variables and Password Blueprint Variables are never displayed to the output.

External Storage of Data

When it comes to dealing with shipyards, most data that is used comes from third-party services. This is because shipbuilding companies don’t store any data. For enhanced security and the stoppage of data abuse, several initiatives are taken by shipyards. For example,

  • Highly secure Google Cloud Storage, Amazon S3, or Azure Blob Storage is used to store big-size data sets.

  • To enable quick and effective shares of data across different users, Box, Dropbox, or Google Drive is used.

  • For easy ship management of big datasets, a cloud-driven database like Snowflake, Redshift, or Bigquery is used. These next-gen database platforms enable a high level of scalability along with automatic processing of data.

Best data management practices used by shipyards

  • All database server access must be routed through our Corporate VPN, which employs AES-256-CBC encryption.

  • Each layer of the application infrastructure components has its own set of IAM roles and permissions, prohibiting one system from accessing the others.

  • As a firm, each employee must log on to every third-party service or platform. In the organization, there are no common accounts that allow for easy auditing and logging of activity.

  • All business passwords must be at least 12 characters long and be generated randomly using a combination of numbers, letters, capitals, and symbols.

  • All staff receive quarterly technical security training to raise their understanding of phishing attempts, social engineering, and best practises for keeping their credentials safe and secure.

  • All employees are encouraged to use 1Password, LastPass or similar password managers for their personal purposes.

  • Necessitated the use of 2FA for all third-party services, software and platforms used by all employees.

  • All Shipyard work performed by all employees is done only on managed company-owned devices.

  • For personal usage, all employees are urged to utilize 1Password, LastPass, or comparable password managers.

  • 2FA was required for all third-party services, software, and platforms utilized by all workers.

  • All Shipyard work is done by all personnel on controlled company-owned devices.

The Conclusion

Considering the reliance on data and the high likelihood of its misuse, shipyards take high-end preventive measures to safeguard their data in every possible way. From creating data-friendly policies to choosing the safest database services, there are several ways shipyards and shipbuilding companies put data at the center of everything.

Posted on July 15, 2022 by Usda Seroja Jaya.