Security of Springpod's key Third Party suppliers
Google Workspace
Google Workspace has been built from the ground up to mitigate the unique threats to cloud systems. Google designed Google Workspace to very stringent privacy and security standards based on industry best practices, with a robust contractual commitment regarding data ownership, data use, security, transparency and accountability. Multi-Factor Authentication (MFA) is employed for all users. Data in transit is secured by Transport Layer Security (TLS) where possible.
Google regularly undergoes several independent third-party audits. The independent auditors examine the controls present in its data centres, infrastructure and operations. Examples of these audits and standards include: SOC1™ (SSAE-16/ISAE-3402), SOC2™, SOC3™, ISO 27001, ISO 27018:2014 and FedRAMP.
Core customer data that is uploaded or created in Google Workspace services is encrypted at rest. This encryption happens as the data is written to disk, and Google encrypts data with distinct encryption keys. Data is encrypted using 128-bit or stronger Advanced Encryption Standard (AES). Google also encrypts core Google Workspace data while it is "in transit", whether it is travelling over the Internet between the customer and Google or moving within Google from one data centre to another. This data is encrypted using HTTPS with forward secrecy.
Amazon Web Services (AWS)
All users access Springpod's platform via a front-end application, which retrieves the data it needs through an authenticated API over a secure SSL connection that uses a 2048-bit RSA key certificate issued by Amazon. We authenticate users on the platform rather than using a directory.
Authentication and authorisation on the back end ensure that users can only access the data that concerns them. Access is protected by strong user passwords, which are combined with a salt, encrypted using a 128-bit AES cipher and base64 encoded using the tested and widely peer-reviewed Crypto library.
All access to the system is logged, both at the AWS network level and through the logging of authentication requests.