About Data Security
TYS information security policies are guided by recognized international security standards and reference best practices to the largest extent possible. TYS borrows from COBIT and from the following ISO standards: ISO/IEC 27001 (information security management), 27005 (information security risk management), 27701 (privacy information management, which supports GDPR compliance) and 27014 (governance of information security), and ultimately plans to become ISO 27001 certified. TYS is currently undergoing a SOC 2 audit and will conduct periodic audits in the future to demonstrate continued compliance.
Data stored in TYS is not shared with everyone: data owners control which organizations can access the data they store. This is enforced through user credentials, role-based access privileges and the sharing of cryptographic keys. For example, a user from a buyer organization logs into TYS with their credentials and is assigned their role; if that role permits it, they can access data from every supplier that has agreed to share data with the buyer organization, and behind the scenes that sharing is implemented by sharing the relevant keys.
TYS complies with privacy laws such as GDPR and follows the ISO/IEC 27701 Privacy Information Management System standard when managing PII. Because blockchain ledgers are immutable, TYS stores PII off-chain so that the "right to be forgotten" and the other data-subject rights set out in GDPR can be honoured. PII is encrypted with the data owner's organizational keys and remains under the owner's control (the supplier or buyer): the owner can share it at will with other permissioned members of the TYS network and delete it at will.
Confidentiality of TYS data is preserved by encrypting it wherever possible. Member organizations hold keys with which they encrypt blockchain data and any PII they commit off-chain. Other off-chain data is encrypted at rest by the underlying storage, and data in transit is always protected with TLS (HTTPS for web traffic).
Backup and recovery of the ledger is native to the blockchain: TYS runs multiple nodes in different zones and regions, each holding an identical copy of the ledger. A node that fails automatically synchronizes its ledger from its peers on recovery, so every node serves as a backup and committed blockchain data is not lost as long as any node survives. Off-chain data is replicated across multiple instances of each off-chain database.
Passwords must be 8 to 15 characters long, contain upper- and lowercase letters and a numerical digit, and be changed every 180 days (an Admin role can change this interval). Passwords are never stored in cleartext; only password hashes are stored, and these are kept off-chain. SSO is available for TYS via OpenID Connect or SAML; when SSO is used, users are subject to their own organization's password rules.
Before granting application access and opening a new session, TYS verifies the user's ID, checks the supplied password against the stored hash, and confirms that the user holds a valid X.509 certificate. A user can run only one session at a time. Sessions are not open-ended: each user is issued a session token at login that expires once the user's inactivity exceeds a set time, or when the user starts a new session outside the current browser window.
TYS is hosted and maintained on IBM Cloud. All servers are currently located in two IBM data centers, one in the U.S. and one in Europe, and are managed and operated by IBM. As such they are subject to IBM's physical security policies and are protected against attacks, accidents and natural disasters. These measures follow the NIST SP 800-53 Physical and Environmental Protection (PE) control family and the ISO/IEC 27001 Annex A.11 (physical and environmental security) requirements.
TYS places a web application firewall in front of the node application's HTTPS ports; all public internet traffic terminates at it, and it admits only HTTPS traffic to the TYS web server. A second, IBM-managed firewall internal to the IBM Cloud IaaS uses three network interfaces to protect the TYS components in the cloud. More details, including a network diagram, are available upon request.
TYS has a complete Business Continuity Plan (BCP) that is regularly updated. The overall BCP process is documented and TYS support and operations personnel are trained on it. TYS conducts annual BCP drills and also performs DAST and SAST application security testing, remediating any vulnerabilities found.
TYS has an approved Security Incident Management Plan in place, which will be revised as future requirements are defined. It follows the ISO/IEC 27035 security incident management guidance, whose recommended five phases are: plan and prepare for incidents; detect and report incidents; assess incidents and decide how to mitigate them; respond by resolving them; and document lessons learned. Any user of the TYS network can report an observed incident; reports are logged in a tracking tool and classified with a severity level.
TYS is in the process of configuring SIEM tooling to monitor network traffic to and from the Kubernetes clusters, identify attacks and potentially compromised assets, and review activity logs for unauthorized or suspicious user or application access and for changes to IBM Cloud resources. More details are available upon request.
The TYS network uses an IBM Blockchain Platform (IBP) 2.0 high-availability configuration with nodes distributed across multiple zones and regions, providing redundancy if a zone or region goes down. In the unlikely event of a critical (severity 1) incident, the TYS team will attempt to resolve it within 24 hours. TYS tests its backup/restore processes and redundancy annually.
All TYS employees must complete a mandatory, custom security training program of 23 modules covering topics from malware to GDPR to general security awareness. The full list of modules is available upon request.
A blockchain is by nature immutable: technically, its data can never be deleted once written. TYS therefore writes sensitive data to the ledger only in encrypted form, under keys that are held off-chain. If a deletion request is made, those keys are deleted, which renders the encrypted data on the blockchain irretrievable and permanently forgotten (this technique is known as crypto-shredding; it holds only as long as the keys were never disclosed and the cipher remains unbroken). PII itself is stored off-chain, encrypted under the owner's keys, so that GDPR requests to be forgotten can be met directly.
Three properties make blockchain data secure and highly resistant to tampering:
1. Decentralization - each record written to the blockchain is replicated to every node of the network, and the nodes continuously check that no copy of a record has been altered. A copy that has been hacked or altered so that it no longer matches the same record on the other nodes is rejected and restored to the version the network collectively agrees on.
2. Transparency - records are visible to permissioned members, but data privacy is preserved through cryptography: nothing is stored as readable text that could be abused. Instead of "Bob's Supply Co.", a record shows only an opaque identifier such as "1MF1bhsFLkBzzz9vpFYEmvwT2TbyCt7NZJ", unless Bob has given you permission to see his information.
3. Immutability - as described above, each record is permanently stored on the blockchain in its original state and cannot be altered. When data is changed in the application, a new version of the record is written and linked to the prior versions, preserving its full history.
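The following is an added example written for this page; it is not TYS or Hyperledger Fabric code. It models in Go the two mechanisms described above: a hash-linked ledger whose records detect an altered copy (immutability, checked by every node), and ciphertext that becomes irretrievable once its off-chain key is deleted (the key-deletion approach described for blockchain data). The record layout, the choice of AES-256-GCM and SHA-256, and the sample owner name "bobs-supply" are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is one on-chain entry in this constructed model (not the TYS/Fabric data
// model). Only ciphertext lands on the ledger; the key that opens it lives off-chain.
type Record struct {
	KeyID    string // which off-chain key encrypts Payload
	Nonce    []byte
	Payload  []byte // AES-256-GCM ciphertext of the plaintext record
	PrevHash string // Hash of the preceding record, "" for the first
	Hash     string // SHA-256 over the fields above
}

type Ledger struct{ Records []Record }
type KeyStore map[string][]byte // each data owner's key, held off-chain and deletable

func recordHash(r Record) string {
	h := sha256.New()
	fmt.Fprintf(h, "%s|%x|%x|%s", r.KeyID, r.Nonce, r.Payload, r.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}

// NewKey creates a fresh 256-bit key for one owner (crypto/rand.Read never fails in practice).
func (ks KeyStore) NewKey(id string) {
	k := make([]byte, 32)
	rand.Read(k)
	ks[id] = k
}

func (ks KeyStore) aead(id string) (cipher.AEAD, error) {
	key, ok := ks[id]
	if !ok {
		return nil, errors.New("key " + id + " has been deleted; ciphertext is irretrievable")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Append encrypts plaintext under ks[keyID] and hash-links the record to the head. KeyID and
// PrevHash are also bound in as GCM additional data, so a ciphertext cannot be re-pointed.
func (l *Ledger) Append(ks KeyStore, keyID string, plaintext []byte) error {
	g, err := ks.aead(keyID)
	if err != nil {
		return err
	}
	r := Record{KeyID: keyID, Nonce: make([]byte, g.NonceSize())}
	rand.Read(r.Nonce)
	if n := len(l.Records); n > 0 {
		r.PrevHash = l.Records[n-1].Hash
	}
	r.Payload = g.Seal(nil, r.Nonce, plaintext, []byte(r.KeyID+"|"+r.PrevHash))
	r.Hash = recordHash(r)
	l.Records = append(l.Records, r)
	return nil
}

// Verify recomputes every hash and back-link; -1 means consistent, else the first bad index.
func (l *Ledger) Verify() int {
	prev := ""
	for i, r := range l.Records {
		if r.PrevHash != prev || r.Hash != recordHash(r) {
			return i
		}
		prev = r.Hash
	}
	return -1
}

// Read decrypts record i; once the owner's key is deleted the ciphertext stays on the ledger but cannot be opened (crypto-shredding).
func (l *Ledger) Read(ks KeyStore, i int) ([]byte, error) {
	r := l.Records[i]
	g, err := ks.aead(r.KeyID)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, r.Nonce, r.Payload, []byte(r.KeyID+"|"+r.PrevHash))
}

func main() {
	ks, l := KeyStore{}, Ledger{}
	ks.NewKey("bobs-supply") // constructed sample owner
	_ = l.Append(ks, "bobs-supply", []byte("Bob's Supply Co., 1 Main St"))
	delete(ks, "bobs-supply") // right-to-be-forgotten request: shred the key
	_, err := l.Read(ks, 0)
	fmt.Println("read after key deletion:", err)
	l.Records[0].Payload[0] ^= 1 // a node whose copy has been altered
	fmt.Println("first bad record:", l.Verify(), "(-1 would mean intact)")
}
```

Run it with `go run main.go`. Two caveats the example makes visible: `Verify` checks only internal consistency, so a node that rewrites its newest record and recomputes that record's hash still passes, which is why nodes must also compare their latest hash with their peers' copies (the decentralization point above); and deleting the key makes the data irretrievable only if the key was never copied elsewhere and the cipher is not broken during the ledger's lifetime, the two assumptions on which the "permanently forgotten" claim rests.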