Official Policies and Security Information for Bloom Growth

October 2, 2022

Note: Usage of "we" and "our" indicates Bloom Growth. Usage of "you" and "yours" indicates current, former and potential users of our services and visitors to our websites.

Our Security

General Information

Bloom Growth is hosted on Amazon Web Services (AWS). As an AWS hosted website, we enjoy all security best practices implemented by Amazon (the same ones uses). Bloom Growth uses Elastic Beanstalk (a product of AWS) to scale up with demand and provide website redundancy through multiple servers hosting Bloom Growth. This means if one server goes down, others take its place automatically. It also means if we experience unusually high traffic, more servers come online to handle the workload. Currently, our servers are located in various availability zones throughout the United States in secure AWS facilities.

Your data is protected from the outside world. The Bloom Growth database is only accessible over Amazon's private network, and, even then, only visible to other Bloom Growth servers. This information is inaccessible to the outside world except through the Bloom Growth website and only when signed in as an authorized user. All data-in-motion (anything that you would see visiting) is encrypted with SSL and cannot be read if intercepted in transit.

Are your servers dedicated (to Bloom Growth) or are they shared?

The Bloom Growth web service is hosted on virtual servers which are logically isolated from other AWS virtual servers. Web Services may share hardware but have separate operating and memory space.

What is the physical security of Amazon’s server farm?

From AWS Security Whitepaper (August 2016)

AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Is there any geographical redundancy or are all servers physically located close to each other?

Bloom Growth is made up of several microservices, some of them with their own separate database. Currently, all servers are located in the same availability zone as their respective database. This significantly reduces latency. The database is replicated in multiple availability zones. In the event of a database failure, database access fails over to another availability zone temporarily.

Where specifically are the servers located (City/State)?

The main Bloom Growth website is located in the Oregon availability zone, in two of the following: near either Grandview, Antelope or Mitchell. Additional services are located in North Virginia near either Montvale, Buena Vista or Lynchburg. The exact location of the servers is kept secret by Amazon for additional security.

Is there on-demand scaling (“if we experience unusually high traffic…”)? If so, is this automatic as well?

Yes. Additional resources are provisioned automatically through AWS as needed.

What standards and/or specific compliance does AWS have?

From AWS Security Whitepaper (August 2016)

SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, DOD CSM Levels 1-5, PCI DSS Level 1, ISO 9001 / ISO 27001, ITAR, FIPS 140-2, MTCS Level 3

Is there a self-hosted version?

A self-hosted version of Bloom Growth is not part of our product development roadmap.

How are backups handled?

Automatic backups are performed daily and are retained for 7 days. Permanent backups are made monthly.

Who from Bloom Growth can view data in the cloud?

Only the Customer Support and Engineering departments have access and only in assisting you at your request. No third party has access to your data. We maintain audit logs for every request made to the website.

Is two-factor authentication offered?

Not at this time.

What is your uptime?

We understand that having access to your data at all times is of utmost importance. This is one of the reasons we selected Amazon Web Services for Bloom Growth software, given their strong infrastructure and commitment to maintaining maximum uptime.

We are currently offering 99.95% uptime. We are always working to improve this number.