An Overview

Infrastructure

Note: Usage of “we”, “us”, and “our” indicates Winter International LLC – Bloom. Usage of “you” and “yours” indicates current, former and potential users of our services and visitors to our websites.

Amazon Web Services

Our services are hosted on Amazon Web Services (AWS). As an AWS hosted website, we enjoy all security best practices implemented by Amazon (the same ones Amazon.com uses). We use AWS to scale up with demand and provide website redundancy through multiple servers hosting our service. This means if one server goes down, others take its place automatically. It also means if we experience unusually high traffic, more servers come online to handle the workload. Currently, our servers are located in various availability zones throughout the United States in secure AWS facilities.

Your data is protected from the outside world. Our database is only accessible over Amazon’s private network, and, even then, only visible to other servers that we designate. This information is inaccessible to the outside world except through our website and only when signed in as an authorized user. All data-in-motion (anything that you would see visiting https://app.bloomgrowth.com) is encrypted with SSL and cannot be read if intercepted in transit. At-rest data is also encrypted with varying high standards.

Server Isolation

Our web service is hosted on virtual servers which are logically isolated from other AWS virtual servers. Web Services may share hardware but have separate operating and memory space.

Physical Security

AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. – From AWS Security Whitepaper (August 2016)

Geographic Redundancy

Our service is made up of several micro-services, some of which have their own separate database. Servers are typically located in the same availability zone as their respective database. This significantly reduces latency. The database is replicated in multiple availability zones. In the event of a database failure, database access fails over to another availability zone temporarily.

We maintain geographically disparate snapshots of core services and the database.

Traffic Scaling

Our software is continually monitored for speed and reliability. When utilization is high, we manually and automatically scale our infrastructure to ensure uptime.

Uptime

We typically operate at near-100% uptime. Our status page is available at https://status.bloomgrowth.com and we recommend subscribing to this service. You can subscribe to an RSS feed so that no PII is required.