New Platform Infrastructure
January, 2021
TL;DR Overview
The Ovrture platform was recently migrated to modernized digital infrastructure on the AWS cloud. The transition from old to new was seamless and had no impact on the application or client systems. All in all, Ovrture is now faster, more flexible, and more secure than ever. Have questions? Please contact support@ovrture.com.
The Infrastructure Details
What we built…
We now have a global network accelerator that helps speed up your connection to our systems by automatically finding the most efficient route from your computer to our systems. A Web Application Firewall and a Distributed Denial of Service protection service now filter out attacks from internet traffic before that traffic even arrives at our Virtual Private Cloud (VPC). Within our VPC, we have constructed a load-balanced, containerized, auto-scaling environment where our application—together with all of the related configuration files, libraries, and dependencies required for it to run—can be created, revised, and managed as version- and source-controlled code.
Enhanced security…
Containerization has the additional security benefit of isolating potential breaches to the compromised component. It also gives our Intrusion Detection and Prevention System an opportunity to detect attempts to traverse these boundaries (also known as a container escape) before any client data can be reached, functioning as a digital trip wire.
We have implemented Continuous Integration and Continuous Deployment systems. This means we replace containers with each new version of code we deploy to serve you. This makes it much more difficult for any potential intrusion to persist for any significant period of time should an attack somehow penetrate our multilayered cyber defenses.
When we deploy an update to the Ovrture platform, new containers are generated, scanned for security vulnerabilities, and submitted to automated testing. Only after passing these tests are user sessions and web traffic forwarded to the containers running the latest application code. Once all connections have been migrated, previous containers are spun down and deleted.
Enhanced performance…
With the enhanced infrastructure, we have also taken the opportunity to streamline and modernize. This resulted in a more energy- and cost-efficient system overall. As the volume of traffic to our application can vary greatly, our auto scaling will automatically add capacity to meet the need and then collapse it when traffic is reduced. This ensures a speedy experience for Ovrture users, donors, and prospects because no one likes waiting for a page to load.
New cloud footprint, same imperatives…
Your data is still protected by encryption starting from your web browser until it is stored on our systems, where it remains encrypted. Access to our systems and the data you both upload and create within our system is restricted by Ovrture application accounts, institutional accounts where Single Sign On has been implemented, and Amazon Web Services (AWS) accounts bound to our identity provider and protected by Multi-Factor Authentication. Security groups restrict access both to and within our VPC to the bare minimum needed as dictated by best practice. We employ Capsule8 on each cluster node to both detect and prevent intrusions. This is in addition to the security layers managed by AWS for container management. Client data is still stored exclusively on databases and file systems separated from our application servers, and access to these is as restricted as possible.
Next up…
Our new infrastructure environment makes capturing the changes made by our agile development team more feasible and disaster recovery faster and easier to implement should the need arise. We will also be able to quickly harness new solutions, as containers are a technology industry standard that many service providers and open-source projects have adopted. We also plan to reorganize our platform into multiple containers as we begin to work on new means of getting data in and out of the Ovrture platform. This includes new uploaders, exporters, and an Application Programming Interface with the goal of facilitating automations and integrations with other tools you use to manage your operations.