Security and Reliability in the Cloud
At Mojo Networks we operate a global cloud architecture designed to manage and support countless wireless access points across thousands of customer networks worldwide, connecting billions of devices in the process. This massive undertaking is the product of the careful and ongoing work our team has put in over the past seven years, taking a forward-thinking approach to cloud design, stability and security while working to stay ahead of customer requirements, ever-growing demand and evolving security threats.
The cloud is the new frontier, and we feel we must always exceed the expectations of organizations large and small in terms of data security, protection and privacy. Only after achieving this high level of trust can we truly deliver value to our customers across the globe.
This section is dedicated to the steps we take to ensure your experience with Mojo Networks is as reliable and secure as you require. You can also check out more about our security program by reading our Network Security in the Cloud whitepaper.
A secure environment means ensuring the physical and network layer of our cloud is secure and properly certified according to international standards. We install all of our cloud applications within data centers provided by an Infrastructure-as-a-Service (IaaS) provider that is recognized as the undisputed leader in the industry and operates a global network. The overall security for this cloud environment is provided through those controls that are built into the IaaS platform directly and those that are configured and managed directly by our cloud operations team.
Simply relying on the security certifications of a datacenter provider is not enough. As a company we have put in place our own set of rigorous processes to achieve the highest level of security possible, validated through the following certifications:
- ISO 27001:2013
- SSAE 16 SOC 2
This ensures that all of our software development and cloud management processes running on top of data center infrastructure are certified to strict industry standards.
Data Center Certification
We hold a high standard for IaaS providers. Among other criteria, we require our IaaS providers to demonstrate:
- ISO 27001:2013 certification
- SSAE 16 SOC 1, SOC 2 and SOC 3 certification
- Regular audits of physical, logical and data security controls performed by validated third parties
Together our IaaS provider and cloud operations team have put in place a series of environmental controls to ensure the physical and network security of your Mojo experience.
Three-Tier Firewall System
Three firewalls exist between the Internet and your individual cloud instance to deliver maximum protection.
- At the outermost boundary a perimeter firewall surrounds the Mojo cloud infrastructure. This firewall is focused on blocking network scans, attacks and external connection attempts, keeping the entire Mojo cloud protected from external threats. The firewall rules here are managed by the IaaS provider and reviewed and updated every 24 hours.
- Within the Mojo cloud a firewall surrounds each physical host. This firewall looks for and stops activities like promiscuous mode and host IP spoofing to reinforce the logical separation of tenants within the service provider’s data centers. Again, the firewall rules here are managed by the IaaS provider and reviewed and updated every 24 hours.
- We implement our own firewall between virtual hosts as well. Here we have complete control and use it to strictly enforce which ports are allowed inbound and outbound to access any particular virtual instance.
Regular Vulnerability Scans
We run regular vulnerability scans to validate firewall settings; in particular those rules that govern port allowances. These scans help ensure that firewall rules have been deployed successfully.
Web Application Security
Web application security scans focus on finding vulnerabilities at the web application level. The objective of web application security scans is to ensure that there are no exploitable vulnerabilities if an unauthorized user attempts to access the application.
Mojo Networks deploys 24x7 automated WAS scanning using WhiteHat Security services and complements it with manual (deep) scans by WhiteHat Security experts twice a year.
Physical and Environmental Security
The IaaS provider enforces strict rules around physical access to data centers. These include (but are not limited to):
- Two-factor authentication at every point of ingress into and within data centers
- Active monitoring by professional security staff using video surveillance, intrusion detection systems and other electronic means
- Maintaining access logs and performing periodic audits of those logs
A secure platform ensures that the services and applications used within the Mojo cloud are secure and protected. We assess any new system before it goes live, following a detailed hardening process for both applications and physical and virtual servers. But a secure platform must also ensure that any data which flows or is stored within the Mojo cloud is secure, and that involves limiting the data coming in and protecting it when it does.
At its core the Mojo cloud managed platform is built upon a true multi-tenant architecture, which separates customers at the database level for complete segregation of data. This architecture provides individual sandboxes that contain all aspects of the Mojo platform down to the data at rest, preventing crossover of or access to data from other tenants.
Local Traffic Breakout
The Mojo platform uses a controller-less architecture to support its wireless access point and cloud managed communication. This architecture has some inherent advantages with regard to data security, such as:
- Client data passed along wireless networks never enters the cloud
- Traffic flow from access point to cloud is strictly for management data only and occurs using an AES-encrypted channel over a private UDP port
- Access points connect to the cloud in order to pass and receive management data using HMAC-SHA1 authentication
Platform Encryption and Certification
The Mojo platform is featured prominently in many federal and state government organizations. As such the encryption used between components of the platform is Federal Information Processing Standard (FIPS 140-2) certified. Certain products within the Mojo platform are also Common Criteria EAL2+ certified. These certifications along with other elements have made certain products within the Mojo platform eligible under the DISA UC APL.
Encryption of Data at Rest and in Transit
Mojo encrypts data in transit using AES. This includes management GUI (HTTPS) communication between the Mojo access point and the cloud and all interactions between different Mojo servers and applications in the cloud (HTTPS).
AES encryption is also applied to data at rest. Database backups of Mojo applications in the cloud are stored in AWS S3 and Glacier that are also AES encrypted. The live database of Mojo Wireless Manager (MWM), the flagship application that provides the wireless management console, resides in AWS EBS (Elastic Block Storage) and is also AES encrypted.
End User Data Protection
Any end user information that a wireless network asks for as part of, or in addition to, logging into the network itself is collected in an opt-in fashion only, with complete disclosure to the end user at the time of information collection. Certain information that is collected from the airspace via passive scanning is obfuscated via a one-way MD5 hashing algorithm and is exposed only when generating anonymous statistical data.
As a global cloud platform we make sure data within a specific data center is in the same jurisdictional country as the customer's network location. Through our IaaS provider we leverage data centers around the world to comply with local data residency regulations.
Secure access ensures that you have a secure connection to the Mojo cloud for whatever you need, and that any given account can be easily and granularly controlled to prevent users from accessing that which they do not or should not require.
Profile-Based Account Management
Mojo One is a single sign-on platform used across the Mojo cloud to provide access to any number of services and applications from a single pane of glass. In order to ensure that any given user has correct access and that permissions are consistent across similar user types, Mojo One supports a profile-based approach to account management.
- Profiles contain a standard set of permissions to be used by any individual within a specific identity group
- Role-based access controls enable administrators to determine the following characteristics of any given profile:
  - Which services within the Mojo cloud are available
  - Which permissions within a specific service are granted
  - Which location or group of locations within Mojo Navigator users can access
- Profiles are applied to new user accounts, and user accounts cannot fall under two different profiles simultaneously
- This profile-based approach governs both user and API accounts
All communication to the cloud is handled over HTTPS using secure TLS 1.2 256-bit encryption.
Administrators can enact a number of password policies including:
- Maximum failed login attempts
- Lockout period timeframe
- Minimum password lengths
- Forcing 2-factor authentication
The Mojo cloud platform supports two-factor authentication, leveraging something the user “knows” in the form of their password and something the user “has”. To accomplish this second factor, we have designed a one-time password (OTP) system.
- Users receive a randomly generated one-time password on demand from the Mojo cloud while they are logging in
- This OTP is sent via email and is only valid for ten minutes
- After the initial login, users can generate a shared key (if desired) to be used by any time-based OTP (TOTP) generator app (like Google Authenticator) for future OTP generation
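The two second-factor paths described above, as an added example that is not Mojo Networks' code: an emailed code that is random, single use and valid for ten minutes, and RFC 6238 TOTP verification for authenticator apps. The six-digit length, the hashed in-memory store, the one-attempt-per-code rule and the one-step clock-drift window are assumptions, not details from this page.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

EMAIL_OTP_TTL = 600  # seconds: the ten-minute validity stated on the page


class EmailOtpStore:
    """Emailed OTP: random, single use, expires after EMAIL_OTP_TTL (assumed design)."""

    def __init__(self):
        self._pending = {}  # user -> (SHA-256 of code, expiry time)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; six digits is an assumption
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = (digest, now + EMAIL_OTP_TTL)  # replaces any older code
        return code  # hand to the mail sender only; never log it

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(user, None)  # pop: one attempt per issued code
        if entry is None or now > entry[1]:
            return False
        return hmac.compare_digest(entry[0], hashlib.sha256(code.encode()).digest())


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the default used by authenticator apps."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = max(int(at) // step, 0)  # time-step counter, never negative
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**digits:0{digits}d}"


def verify_totp(secret_b32, code, at, step=30, drift_steps=1):
    """Accept the current time step plus/minus drift_steps to tolerate clock skew."""
    return any(
        hmac.compare_digest(totp(secret_b32, at + d * step, step).encode(), code.encode())
        for d in range(-drift_steps, drift_steps + 1)
    )
```

The emailed code is stored only as a hash and removed on the first verification attempt, so a leaked store or a guessing loop gains nothing; pair this with the lockout policy listed above.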
The Mojo cloud supports Federated Login, allowing administrators to integrate any identity provider for account management outside of the Mojo cloud directly. We support the SAML 2.0 protocol and use a SHA256 secure hash algorithm to establish a secure connection with the remote identity provider.
At Mojo Networks we have worked over the past seven years to develop a cloud architecture that can scale to near infinite levels and handle the growing demand of users, administrators and organizations around the globe. By partnering with top-tiered Infrastructure-as-a-Service (IaaS) providers we have built a strong cloud operations team dedicated to delivering reliable cloud access and reliable wireless networks.
There are multiple levels of reliability and fault tolerance that are built into the Mojo cloud platform. These are explained below.
Smart Edge Processing
Mojo wireless access points perform all traffic forwarding and intrusion prevention processing locally, having downloaded their policies from the cloud upon their initial activation. This controller-less architecture provides inherent fault tolerance for both wireless network connectivity and security. Simply put, access points are 100% operational despite any loss of or interruption to communication between them and the cloud, and moreover security events are stashed locally within access point memory banks and automatically uploaded when connectivity is restored.
Even if wireless access points are power cycled during this period, they continue to operate using the last known policy if the cloud is not reachable when they power on.
The core directories which store information necessary for access point redirection and user console sessions across the Mojo cloud managed platform are not only replicated across multiple data centers, but are maintained in full sync. This provides a high level of fault tolerance and reliability to the directory layer should an individual data center experience a slight or prolonged interruption.
Fault Tolerance for Virtual Cloud Instances
The virtual cloud instances that support the primary services of the Mojo cloud managed platform are deployed on an EC2 Hypervisor with N+1 redundancy. This means that if any of the N virtual instances fails, there is a standby virtual instance ready to take up processing of the failed instance. The transition happens automatically. Note that during the failover, the edge wireless connectivity and security are not impacted due to the smart edge processing described above.
Reliability of Storage
Mojo instances in EC2 use Elastic Block Storage (EBS) for persistent storage. The EBS is a high grade Storage Area Network (SAN). The SAN provides redundancy and automatic failover. The failover is transparent to the EC2 compute instances.
All factors considered, Mojo Networks assures 99.95% availability for its cloud managed platform around the world.
Disaster events are characterized as rare catastrophic events such as earthquakes or terrorist attacks that might cause the entire data center or a significant part of it to be physically devastated. The Mojo cloud architecture is capable of supporting full 1:1 redundancy across geographically separated data centers with automatic failover. However, such a configuration can be costly for end users as it requires almost twice as many resources in use in the cloud at once.
As a result we implement an alternative disaster recovery solution that strikes a strong balance between cost and protection. We automatically back up customer databases in the EBS every day. These backed-up databases are stored in S3 storage, a service that offers encryption and redundancy for backups. In the event of a disaster, our Mojo cloud operations team is equipped to start new EC2 instances for all affected customers at a different data center using the backed-up databases. This way, your network management can be operational within hours from its last known state, which itself is no more than 24 hours old.