Overview
Security
vGRID Core

vGRID Core Infrastructure Security

The vGRID Core is the centre of the vGRID SaferCity Platform and connects vGRID Gateways (and their associated assets) to vGRID App Users. vGRID has been developed alongside Police agencies, such that the only information gathered is information required for the platform to operate.

The vGRID Core is hosted on SaferCities-managed infrastructure in a secure datacentre. Only authorised SaferCities infrastructure engineers have access to the equipment rack.

vGRID is built on a microservices-based architecture with continuous integration and continuous deployment. vGRID is constantly updated and improved without outages or interruption to service to provide high availability and regular updates, patching and maintenance where required.

vGRID Core also follows network segmentation best practices such that higher-security level information cannot be accessed by lower-security users. vGRID is designed to expose the least number of ports to the internet necessary and ensures that all communication is done with industry best practices.

vGRID Core Servers run Debian Linux and use UEFI Secure Boot. vGRID VMs run Ubuntu Linux and also leverage UEFI Secure Boot. Data disks are encrypted in both the core servers and VMs.

Firewalls, Routers and Switches all run signed updates via respective vendor update channels. vGRID Core infrastructure is regularly patched (monthly, or as appropriate based on critical vulnerabilities).

For engineer access to core infrastructure Single Sign On is leveraged. Where a system doesn’t support SSO directly (such as the underlying Linux systems), short-lived signed SSH certificates are issued by SaferCities’ SSH CA (Hashicorp Vault), which itself only allows access based on Azure AD groups. User action logging is enabled and forwarded for auditing.

User and application data (databases) are backed up daily to AWS S3. All S3 data including ANPR images and vGRID Vault data is encrypted at rest using Amazon S3 Server-side encryption with Amazon S3 managed keys (SSE-S3). Backups are tested where required.

vGRID infrastructure leverages infrastructure as code where configuration settings scripts are version controlled and managed in Github.

SecurityvGRID Gateway