Single Logins & Authentication
Tulip ensures separate logins for each admin. Stations are authenticated on a per-device basis using a randomly generated shared secret. Once a device is authenticated with Tulip, an operator can log in on it with an RFID badge or with their credentials.
Tulip Employee Access Rights
Access to Tulip internal and production systems is strictly controlled and provided only to employees as needed. Tulip terminates personnel physical and logical access to Tulip Information Systems no later than the date of separation.
Tulip requires the use of strong passwords and two-factor authentication for all Tulip employee accounts with access to Customer Data, including requirements for minimum password length, lockout, expiration period, complexity, encryption, changing of default passwords, and usage of temporary passwords. User account credentials (e.g., login ID, password) are never shared. In the Tulip system, customer passwords are hashed client-side with SHA-256, then salted and hashed with industry-standard bcrypt server-side before being written to persistent storage.
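The two-stage scheme described above, as an added example that is not Tulip's code. It uses the standard library only: SHA-256 for the client-side step and, as a labelled stand-in for bcrypt, PBKDF2-HMAC-SHA256 for the server-side salted slow hash. Two points the scheme depends on are made explicit in the code: the client prehash is sent hex-encoded (bcrypt reads at most 72 bytes and some implementations stop at the first NUL byte, which a raw digest can contain), and the prehash is treated as the password itself, so the server-side salted slow hash is what protects a leaked database, not the client-side step.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stand-in for bcrypt so the example runs without third-party packages.
# The structure (client-side SHA-256, then a per-user salted slow hash
# server-side) is the point; in production the slow hash would be bcrypt.
ITERATIONS = 200_000


def client_prehash(password: str) -> str:
    """What the browser sends: hex-encoded SHA-256 of the password.

    Hex output is 64 ASCII bytes with no NUL, which keeps it within bcrypt's
    72-byte input limit and avoids NUL truncation in bcrypt implementations.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def server_store(prehash: str, salt: Optional[bytes] = None) -> str:
    """Server side: random 16-byte salt plus a slow hash over the prehash.

    The prehash is effectively the password from here on: anyone holding it
    can log in, so only the salted slow hash is ever written to storage.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", prehash.encode("ascii"), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${digest.hex()}"


def server_verify(prehash: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iters, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", prehash.encode("ascii"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(password: str) -> str:
    """Full registration path: client prehash, then server-side salted hash."""
    return server_store(client_prehash(password))


def login(password: str, stored: str) -> bool:
    """Full login path: client prehash, then server-side verification."""
    return server_verify(client_prehash(password), stored)


if __name__ == "__main__":
    record = register("correct horse battery staple")
    print(record)
    print(login("correct horse battery staple", record))  # True
    print(login("wrong password", record))                # False
```

Because the salt is random, registering the same password twice yields two different records; a verifier must therefore always use the salt stored with the record rather than recomputing from scratch.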
Third Party Cloud Hosting Provider
Tulip uses Amazon Web Services (AWS), a third-party hosting partner, to provide the hardware, software, networking, storage, and related technology required to run our service. The IT infrastructure that AWS provides to us is designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, DOD CSM Levels 1-5, PCI DSS Level 1, ISO 9001 / ISO 27001, ITAR, FIPS 140-2, and MTCS Level 3.
Physical access to AWS environments is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
All Tulip servers in our AWS Virtual Private Cloud (VPC) are behind a firewall that blocks administrative access from outside our IP address. Network devices, including firewalls and other boundary devices, are put in place by our hosting provider to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACLs), and configurations to enforce the flow of information to specific information system services. AWS has put in place monitoring tools designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activity, application usage, and unauthorized intrusion attempts. The AWS network provides significant protection against traditional network security issues such as Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MITM) attacks, IP spoofing, packet sniffing, and port scanning. We implement additional security controls such as IDS and IPS systems at the entry points into our cloud environment.
Tulip uses automatic security updates to apply all critical patches or security updates within thirty (30) days from the release of any such updates or patches.
Databases are co-located in AWS and open only to traffic from within the Tulip VPC. Database authentication keys are randomly generated. Queries are parameterized to avoid injection attacks. Data is encrypted at rest.
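What "parameterized to avoid injection attacks" means in practice, as an added example that is not Tulip's code. The table and rows are constructed for the example and are not Tulip's schema; SQLite is used only because it ships with Python. The lookup that splices user input into the SQL text is shown beside the parameterized one so the difference is visible: the driver sends the parameter value separately from the statement, so nothing in it is ever parsed as SQL.

```python
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed sample table for the example (not Tulip's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE stations (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO stations (name, secret) VALUES (?, ?)",
        [("line-1-press", "constructed-secret-a"), ("line-2-weld", "constructed-secret-b")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> List[str]:
    """Vulnerable form: the caller's input becomes part of the SQL text.

    Whatever the input contains is parsed as SQL, so the WHERE clause can be
    rewritten by the input. Kept here only as the 'before' of the fix.
    """
    sql = f"SELECT name FROM stations WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[str]:
    """Parameterized form: the value travels out-of-band from the statement.

    The '?' placeholder is bound by the driver; the input is compared as a
    string literal and is never interpreted as SQL syntax.
    """
    return [
        row[0]
        for row in conn.execute("SELECT name FROM stations WHERE name = ?", (name,))
    ]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that is not a valid station name
    print(lookup_unsafe(db, probe))  # every row: the WHERE clause was rewritten
    print(lookup_safe(db, probe))    # []: no station has that literal name
```

A useful regression test for a code base is exactly this pair: the parameterized lookup must return nothing for input that is not a real name, regardless of the characters it contains.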
Tulip periodically performs third-party penetration tests. Additionally, we use static analysis of our code base to continually check for common vulnerabilities.
Development and Test Environments
Development and testing environments are physically and logically separated from production environments.
Data transmitted between Tulip servers and customers is encrypted using the strongest ciphers supported by the client. Tulip services handling production data receive an A+ from the Qualys SSL Labs test. Modern browsers connecting to Tulip use Elliptic-Curve Diffie-Hellman Ephemeral (ECDHE) for key exchange, providing perfect forward secrecy (PFS); RSA for authentication; 128-bit AES in Galois/Counter Mode (GCM) for encryption; and SHA-256 for message authentication. Outdated cipher suites are forbidden; our servers refuse any suite weaker than RSA_WITH_3DES_EDE_CBC_SHA. Data transferred between application servers and database servers within the AWS network is also encrypted in transit using similar ciphers. All of our databases are additionally encrypted at rest using 256-bit AES. Uploaded assets are also encrypted at rest. Tulip's technical operations team reviews the latest recommendations for encryption ciphers and implementations to keep our cipher selections up to date with industry best practices.
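How a server-side cipher policy of the kind described above is expressed and checked, as an added example that is not Tulip's configuration. It builds a Python ssl server context (the server software Tulip actually runs is not stated on the page) that prefers ECDHE key exchange with AES-GCM and requires TLS 1.2 or later, then lists the suites OpenSSL actually enabled and scans them for weak markers. The example goes one step further than the page's stated floor: it excludes RSA_WITH_3DES_EDE_CBC_SHA itself (OpenSSL's name for it is DES-CBC3-SHA), since 3DES's 64-bit block size is why current guidance drops it.

```python
import ssl
from typing import Iterable, List

# OpenSSL cipher string: ECDHE key exchange with AES-GCM, with anonymous,
# null, 3DES, RC4 and MD5 suites explicitly excluded. TLS 1.3 suites are
# governed separately by OpenSSL and are listed alongside these.
CIPHER_STRING = "ECDHE+AESGCM:!aNULL:!eNULL:!3DES:!RC4:!MD5"

# Substrings that identify suites a current policy should not offer.
# "CBC3" matches OpenSSL's 3DES names such as DES-CBC3-SHA.
WEAK_MARKERS = ("3DES", "CBC3", "RC4", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def build_server_context() -> ssl.SSLContext:
    """Server context with a TLS 1.2 floor and the cipher policy above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(CIPHER_STRING)
    return ctx


def enabled_suite_names(ctx: ssl.SSLContext) -> List[str]:
    """The suites OpenSSL actually enabled for this context, in preference order."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(names: Iterable[str]) -> List[str]:
    """Return every suite name carrying a weak marker; empty means the policy holds."""
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


def forward_secrecy_only(names: Iterable[str]) -> bool:
    """True if every TLS 1.2 suite uses ECDHE (TLS 1.3 suites always have PFS)."""
    return all(n.startswith("TLS_") or "ECDHE" in n for n in names)


if __name__ == "__main__":
    context = build_server_context()
    suites = enabled_suite_names(context)
    for s in suites:
        print(s)
    print("weak:", weak_suites(suites))
    print("forward secrecy only:", forward_secrecy_only(suites))
```

Running the same `weak_suites` scan over the output of a live handshake probe, or over a vendor's published cipher list, is a quick way to catch a 3DES or RC4 suite that a permissive default left enabled.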
Security incidents on Tulip Information Systems are logged and immediately addressed. These secured logs are regularly reviewed and retained for a minimum of twelve (12) months. The Tulip technical operations team employs industry-standard diagnostic procedures to drive resolution during business-impacting events. Staff operators provide 24x7x365 coverage to detect incidents and to manage their impact and resolution. Documentation is maintained to aid and inform operations personnel in handling incidents or issues. If resolving an issue requires collaboration, the operations team pages additional staff and collaborates using electronic conferencing technology that logs communication for review. Post-mortems are convened after any significant operational issue, regardless of external impact, to identify the root cause and the technological or procedural improvements needed to prevent recurrence.
Tulip has implemented various methods of internal communication to help all employees understand their individual roles and responsibilities and to communicate significant events in a timely manner. These methods include orientation and training programs for newly hired employees; regular all-hands meetings for updates on business performance and other matters; and electronic means such as video conferencing, email, and the posting of information on Tulip internal communication channels.
Data Recovery and Redundancy
All active Customer Data is stored in at least two separate facilities and can be recovered in the event of a loss of any individual data center. Backups are stored using AWS S3, which stores all backup data redundantly in multiple geographic regions and provides 99.999999999% durability and 99.99% availability.
Tulip implements documented change management procedures that provide a consistent approach to controlling, implementing, and documenting changes (including emergency changes) to Tulip Information Systems, including immutable records of all code and infrastructure changes and systematic review of every change. Updates to Tulip code and infrastructure are made so as to minimize any impact on customers and their use of the service, including the use of zero-downtime deployment strategies and the scheduling of downtime around customer production schedules to prevent service interruption during working hours. Tulip will communicate with customers when unplanned downtime may affect their use of Tulip services, or in the unlikely event that downtime must occur during operating hours.
The data centers of our hosting provider are built in clusters in various global regions. All data centers are online and serving customers; no data center is “cold.” In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. Data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24x7x365. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.