How we protect our customers and web visitors
As part of looking after yourself, you need to know which websites and applications you can trust. There are specific questions to ask, and things to look for.
At JIIG-CAL Australia, Terms & Conditions are listed on our websites (eg https://www.jiig-cal.com.au/terms-conditions). As with other reputable organisations, these tend to be more legal requirements than technical explanations. In this blog I’d like to provide more IT security background information, so you can be absolutely confident about accessing information at our main website, as well as using Career Voyage and Career Compass for your career planning needs.
“Is my data secure?” It’s the first question many people think of when logging into an application for the first time (eg Career Voyage for Individuals). So here is our answer to that first important question.
JIIG-CAL Australia uses Amazon Web Services (AWS) for our infrastructure. AWS has achieved ISO 27001 certification and successfully undertaken multiple SSAE 16 audits. Amazon Web Services are amongst the biggest, most secure and well regarded web services in the world.
AWS data centres are state of the art, utilizing innovative architectural and engineering approaches. The Services provide security capabilities and services to increase privacy and control network access, including:
- Network firewalls built into Amazon VPC, and web application firewall capabilities in AWS WAF enabling us to create private networks, and control access to our instances and applications
- Encryption in transit with TLS across all services
- Connectivity options that enable private, or dedicated, connections from our environment
AWS data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorised staff must pass two-factor authentication a minimum of two times to access data centre floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorised staff. JIIG-CAL staff do not have physical access to AWS facilities.
You can find more related information at http://aws.amazon.com/security/
SSL Encryption
You will often see SSL-secured website addresses (URLs), such as for banks, beginning with https rather than http.
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser (you).
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.
SSL secures millions of people’s data on the Internet every day, especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an extended validation SSL-secured website. (Extract from https://www.digicert.com/ssl.htm.)
Establishing an Even Greater Level of Website Security
While SSL certification encrypts and protects information transmitted online from being intercepted and stolen by third parties, plain SSL does not help users cross-check the website’s identity. Domain-validated (DV) SSL Certificates are easy to obtain online, with no identity check by a human being. The ease of acquiring an SSL Certificate has even encouraged phishers and other malicious entities to use them in establishing their online “credibility.”
Extended Validation, or EV SSL, raises the bar on standard SSL validation processes, incorporating some of the highest standards in identity assurance to establish the legitimacy of online entities. Certificate Authorities (CAs) put applicant websites through rigorous evaluation procedures and meticulous documentation checks to confirm their authenticity and ownership. This systematic authentication process, also known as the Extended Validation Standard, is based on a set of guidelines prescribed for CAs to adhere to when they receive a request for a digital certificate from an organization or business entity.
These checks and guidelines include:
- Establishing the actual legal, physical and operational existence of the entity (ie the company, government department, etc)
- Verifying that the entity’s identity matches official records like incorporation, Australian Business Number, etc.
- business licensing information
(Extract from https://www.instantssl.com/https-tutorials/ev-ssl.html.)
In other words, when you see
you can be sure that you are dealing with this Bank.
Similarly these higher level security strategies are what JIIG-CAL Australia uses. So when you see
you can be sure that (a) you are actually dealing with JIIG-CAL Australia and not some web fake look-alike, and (b) data is encrypted and safe.
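The difference between a domain-validated and an extended-validation certificate shows up in the certificate's subject fields, which can be checked programmatically. The following is an added example, not part of the original post: it assumes the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` with OpenSSL long field names, and both sample certificates are constructed for illustration.

```python
# Added example: classify a certificate by the identity fields in its subject.
# Input follows the dict shape returned by ssl.SSLSocket.getpeercert().
# Field names are assumed to be OpenSSL long names; samples are constructed.

# Subject fields an EV certificate carries in addition to the organisation name.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields[name] = value
    return fields


def validation_level(cert):
    """Return 'DV', 'OV' or 'EV-like' from the subject contents alone.

    Heuristic only: a definitive EV check also needs the certificate's
    policy OID, which getpeercert() does not expose.
    """
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"       # domain control was checked, no vetted organisation
    if EV_FIELDS <= fields.keys():
        return "EV-like"  # organisation plus registration details are present
    return "OV"           # organisation vetted, without the EV-specific fields


def describe(cert):
    """One-line summary: host name, validation level and named organisation."""
    fields = subject_fields(cert)
    owner = fields.get("organizationName", "no organisation identity")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)} ({owner})"


DV_SAMPLE = {"subject": ((("commonName", "login.example.test"),),)}
EV_SAMPLE = {"subject": (
    (("jurisdictionCountryName", "AU"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "000 000 000"),),
    (("countryName", "AU"),),
    (("organizationName", "Example Bank Pty Ltd"),),
    (("commonName", "www.example.test"),),
)}

if __name__ == "__main__":
    for sample in (DV_SAMPLE, EV_SAMPLE):
        print(describe(sample))
```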
If you have any queries you can email us at info@jiig-cal.com.au.
Bob Bredemeyer
October 2016