Pivotal Web Services Security Overview

Technical Overview

Pivotal Web Services is a cloud based application hosting platform, managed and operated by Pivotal Software, Inc. (“Pivotal”) and hosted on Amazon Web Services (“AWS”) in the United States (“PWS”). PWS is a hosted version of the open source Cloud Foundry platform-as-a-service software. Pivotal leverages a combination of internal and operational controls, along with controls provided by AWS to protect the security of the platform.

AWS Security

As infrastructure-as-a-service (“IaaS”) providers invested in the security of their environments, AWS makes use of a wide range of industry certifications and independent third-party attestations. Detailed IaaS-specific security information can be obtained from AWS Cloud Compliance. The following are some examples of security certifications held by AWS:

  • SOC 1, SOC 2, and SOC 3 reports
  • PCI DSS Level 1 certification
  • ISO 27001 certification
  • ISO 27017 certification

Customer Data

Customer Application Data and Account Information on PWS

PWS stores the following customer application data and account information:

  • Account information
  • Application code and running apps
  • Task code and running tasks
  • Application and task short-term logging and metadata
  • Platform logs, which includes usage metadata

Customer Application Data Through Third-Party Services

PWS applications sometimes use third-party services and/or customer-provided storage for data persistence and other application services. PWS may make available such services through its Marketplace. Customer use of such third-party services are subject to the terms of use of such third-party services, including any applicable data privacy and security policies. Customers are responsible for checking with applicable third parties for any terms or restrictions available from those service providers.

Multitenancy

Cloud Foundry provides isolation through its governance framework features, which defines groupings of apps and services into entities known as Organizations and Spaces. PWS users are assigned to organizations and spaces by the Organization Manager role designated at account creation and through system user interfaces. Access scope is governed by the roles users possess in those entities. It is through these roles and scopes that multi-tenancy is achieved. Users’ administrative access is limited to their assigned organizations and spaces. An application’s access is governed by the application access rules defined within the application. Apps are internet routable entities, which are generally accessible from the public internet.

Application Isolation

Applications on PWS are deployed into “containers” and isolated from other applications. Because applications are deployed onto shared infrastructure, these containers may be co-resident with other containers on AWS EC2 Instances provisioned by PWS. These AWS EC2 instances may be co-resident with other AWS EC2 instances on shared physical machines.

Cloud Foundry and AWS provide isolation that enhances security and relative performance separation. The container runtime is designed to ensure that adjacent containers are unable to access data or connectivity between containers unless explicitly permitted by defined policies.

Administrative Access

Administrative access to the PWS environment, including customer applications, is only provided to Pivotal employees located in the United States, Canada, the United Kingdom, and Ireland with a business need (e.g., in order to maintain the PWS environment), and is removed when access is no longer required.

Business Continuity

PWS relies on the availability model of the underlying AWS infrastructure and supports multiple AWS availability zones (AZs) within the AWS US-East Region (Virginia). PWS can distribute instances of an application across the AWS AZs to ensure availability of applications in the event of an AWS data center failure. This availability requires that multiple instances of applications be deployed. Failure of the US East AWS region may impact availability of hosted applications.

For purposes of data locality, operational data that is at rest resides solely in the environment where applications are deployed. For PWS, application and operation data resides in AWS in the United States. Customers are responsible for monitoring the availability and performance of their applications.

Penetration Testing and Vulnerability Assessments

Pivotal periodically uses third-party security firms to perform security assessments of the PWS environments. These assessments are performed at a minimum of once a year. Any resulting findings are prioritized and addressed according to Pivotal policies and industry best practices. Although specific results from these assessments cannot be provided to customers, upon request Pivotal may share information with customers about the methodology and scope of its security assessments.

Customers may test their own applications hosted on PWS with prior written approval from Pivotal, but due to the multi-tenant nature of the environment, customer security assessments of PWS itself are not permitted.

If you have any questions about the PWS security program, or would like to obtain approval for testing your own applications hosted on PWS, contact us at security@pivotal.io.

Employee Screening

Pivotal performs pre-employment screening and background checks, where permitted by law.

Privacy

Please refer to Pivotal’s Privacy Policy for information on how personal information is collected and used on PWS.


Disclaimer

This document is provided for informational purposes only and represents Pivotal’s current offerings as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Pivotal’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from Pivotal, its affiliates, suppliers or licensors. The responsibilities and liabilities of Pivotal to its customers are controlled by Pivotal agreements, and this document is not part of, nor does it modify, any agreement between Pivotal and its customers.