Security and data
Goodwings provides a comprehensive, secure, and cloud-based platform tailored to simplify corporate travel management while empowering businesses to measure, manage, and reduce their carbon footprint.
Platform architecture
Goodwings combines AWS and Vercel to deliver a fast, secure, and scalable platform for managing corporate travel and carbon accountability: AWS hosts the back-end services, and Vercel's globally distributed edge network serves the front end. The architecture builds on AWS infrastructure and industry best practices for availability, scalability, and data protection.
Infrastructure and Network Architecture
Goodwings implements a tenant-based architecture where customer data is logically isolated within a shared database.
Front-End Hosting
Goodwings leverages Vercel's globally distributed edge network to deliver front-end applications with zero downtime and fast content delivery.
Back-End Hosting
All back-end infrastructure operates within the Amazon Web Services (AWS) eu-central-1 region, ensuring compliance with data residency requirements.
Availability Zones
Resources are distributed across three Availability Zones (AZs) for fault tolerance and high availability.
Dedicated VPCs
Separate Virtual Private Clouds (VPCs) are maintained for production and non-production environments, ensuring isolation and security.
Public and Private Subnets
Applications and services are deployed in public subnets (internet-facing components) and private subnets (internal services with no direct internet exposure).
Environment Isolation
To maintain data integrity and security, Goodwings strictly separates production environments from non-production systems.
Production Environment
Runs in its own dedicated VPCs, with restricted access and dedicated monitoring.
Non-Production Environments
Environments for development, testing, QA, and staging remain isolated and do not contain real customer data.
SECURITY DESIGN
Role-Permission-Based Access Control
Goodwings uses a role-permission-based access control system to ensure users have access only to data and actions relevant to their roles. Users are divided into five predefined roles.
Root Admin
Has full administrative access to the entire system, including all data and configurations.
Company Admin
Manages organizational settings, travel policies and user accounts for their specific company.
Company Reporting Admin
Accesses company-level analytics, reports and carbon tracking data.
Travel Arranger
Handles bookings and travel arrangements for other users within the organization.
Traveler
Primary users who log in to search, book and manage their personal travel needs.
Tenant Isolation
Goodwings employs a multi-tenant architecture that ensures logical isolation of customer data.
Data Segregation
All customer data resides in a single database but is logically segmented using tenant identifiers to ensure isolation and prevent unauthorized access between tenants.
Access Controls
Role-based access controls (RBAC) are enforced at the application layer, ensuring users can only access data specific to their tenant.
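The two sections above describe the same control from two angles: a role decides which actions a user may perform, and the tenant identifier decides which rows those actions may touch. The following is an added example, not Goodwings' code; the permission strings, the sample bookings and the user objects are assumptions made for the illustration. It shows the unsafe lookup that leaks data across tenants next to the scoped lookup in which the tenant comes from the authenticated session and is part of every predicate.

```javascript
// Added example (not Goodwings code): tenant-scoped, role-permission-based access control
// over a single shared table. Deny by default; scope every query by the caller's tenant.

// Constructed sample data: two tenants sharing one table, as in a shared database.
const bookings = [
  { id: 1, tenantId: 'acme', travelerId: 'u1', route: 'CPH-LHR', co2Kg: 120 },
  { id: 2, tenantId: 'acme', travelerId: 'u2', route: 'CPH-BER', co2Kg: 80 },
  { id: 3, tenantId: 'globex', travelerId: 'u9', route: 'AMS-JFK', co2Kg: 900 },
];

// Role -> permissions. Role names mirror the five roles on the page; the permission
// strings are assumptions for this example.
const ROLE_PERMISSIONS = {
  root_admin: new Set(['booking:read:any', 'booking:read:tenant', 'booking:create:tenant', 'user:manage']),
  company_admin: new Set(['booking:read:tenant', 'booking:create:tenant', 'user:manage']),
  company_reporting_admin: new Set(['report:read:tenant', 'booking:read:tenant']),
  travel_arranger: new Set(['booking:read:tenant', 'booking:create:tenant']),
  traveler: new Set(['booking:read:own', 'booking:create:own']),
};

// Unknown roles have no permissions: deny by default.
function can(user, permission) {
  const perms = ROLE_PERMISSIONS[user.role];
  return perms !== undefined && perms.has(permission);
}

// The unsafe pattern: a lookup keyed on the record id alone. Any authenticated caller who
// guesses another tenant's id reads that tenant's row (a cross-tenant IDOR).
function findBookingUnsafe(id) {
  return bookings.find((b) => b.id === id) || null;
}

// The hardened pattern: the tenant id comes from the authenticated session, never from the
// request, and is part of every predicate. Only root admins may read across tenants.
function listBookings(user) {
  if (can(user, 'booking:read:any')) return bookings;
  if (can(user, 'booking:read:tenant')) {
    return bookings.filter((b) => b.tenantId === user.tenantId);
  }
  if (can(user, 'booking:read:own')) {
    return bookings.filter((b) => b.tenantId === user.tenantId && b.travelerId === user.id);
  }
  return [];
}

// Scope first, then select: a foreign id is simply "not found" rather than a leak.
function getBooking(user, id) {
  return listBookings(user).find((b) => b.id === id) || null;
}
```

The property worth checking in a code review or test suite is the one the last two functions encode: no function that returns tenant data accepts a tenant id from the request, and a record id from another tenant yields the same "not found" result as a nonexistent id.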
Monitoring and Auditing
All data access and interactions are logged and monitored to detect anomalies and ensure compliance with security standards.
Alerting Mechanism
When a suspicious event is detected, an alert is sent to an internal Slack channel accessible only to the Security team for immediate manual investigation.
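The monitoring and alerting described above only work if the access layer records every decision, including denials, and something reads those records for the patterns that matter in a shared-database design. The following is an added example, not Goodwings' code; the JSON log format, the field names and the denial threshold are assumptions. It runs two detection rules over constructed log lines: a successful cross-tenant access by any non-root role, which indicates a bypassed tenant filter, and repeated denials from one user, which looks like enumeration of other tenants' record ids.

```javascript
// Added example (not Goodwings code): detection logic over application audit-log lines.
// Log format, field names and the denial threshold are assumptions for this example.

// Constructed sample log (one JSON object per line), as an application-layer RBAC check
// might emit it: who did what, from which tenant, against which tenant's record.
const SAMPLE_LOG = `
{"ts":"2024-05-01T09:00:01Z","user":"u1","userTenant":"acme","role":"traveler","action":"booking:read","resourceTenant":"acme","decision":"allow"}
{"ts":"2024-05-01T09:00:05Z","user":"u1","userTenant":"acme","role":"traveler","action":"booking:read","resourceTenant":"globex","decision":"deny"}
{"ts":"2024-05-01T09:00:06Z","user":"u1","userTenant":"acme","role":"traveler","action":"booking:read","resourceTenant":"globex","decision":"deny"}
{"ts":"2024-05-01T09:00:07Z","user":"u1","userTenant":"acme","role":"traveler","action":"booking:read","resourceTenant":"globex","decision":"deny"}
{"ts":"2024-05-01T09:01:00Z","user":"ta7","userTenant":"acme","role":"travel_arranger","action":"booking:read","resourceTenant":"globex","decision":"allow"}
{"ts":"2024-05-01T09:02:00Z","user":"r1","userTenant":null,"role":"root_admin","action":"booking:read","resourceTenant":"globex","decision":"allow"}
{"ts":"2024-05-01T09:03:00Z","user":"u2","userTenant":"acme","role":"traveler","action":"user:manage","resourceTenant":"acme","decision":"deny"}
`;

function parseLog(text) {
  return text
    .split('\n')
    .filter((line) => line.trim().length > 0)
    .map((line) => JSON.parse(line));
}

// Number of denials from one user that triggers an alert (assumed value).
const DENY_THRESHOLD = 3;

function detectAnomalies(events) {
  const alerts = [];
  const deniedByUser = new Map();
  for (const e of events) {
    // Rule 1: an allowed access to another tenant's data by a non-root role means the
    // tenant filter was bypassed somewhere. In a shared database this is always critical.
    if (e.decision === 'allow' && e.role !== 'root_admin' && e.resourceTenant !== e.userTenant) {
      alerts.push({ severity: 'critical', rule: 'cross_tenant_allow', user: e.user, ts: e.ts });
    }
    // Rule 2: repeated denials from one user look like enumeration of foreign record ids.
    if (e.decision === 'deny') {
      const n = (deniedByUser.get(e.user) || 0) + 1;
      deniedByUser.set(e.user, n);
      if (n === DENY_THRESHOLD) {
        alerts.push({ severity: 'high', rule: 'repeated_denials', user: e.user, ts: e.ts });
      }
    }
  }
  return alerts;
}

// One-line rendering suitable for a chat-channel webhook; delivery is out of scope here.
function formatAlert(a) {
  return `[${a.severity.toUpperCase()}] ${a.rule} user=${a.user} at ${a.ts}`;
}
```

Rule 1 is the one to treat as a release blocker rather than a tuning problem: a single hit means the isolation described in the previous section failed for at least one request, and the investigation starts from the code path that served it.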
COMPREHENSIVE DATA SECURITY
End-to-End Data Protection
Goodwings ensures that sensitive data is safeguarded throughout its lifecycle with robust encryption protocols and strict access controls:
In-Transit Encryption
All data transmissions between services and external systems are secured with TLS 1.2.
Sensitive Data Encryption
Data stored in AWS services such as RDS and ElastiCache (cache servers) is encrypted with AES-256 via OpenSSL, and each encrypted value carries a message authentication code (MAC) so that tampering is detected before decryption.
Key Management
Encryption keys are securely managed and rotated following industry standards to ensure ongoing data protection.
System Monitoring and Automated Recovery
Goodwings maintains system stability and proactively mitigates issues with a combination of monitoring, logging, and recovery tools:
CloudWatch
Monitors resource utilization, system performance, and key application metrics.
Automated Backups
Regular snapshots of RDS databases and S3 data ensure quick recovery in the event of failure.
Incident Management
Alerts and escalation workflows enable rapid response to detected issues, minimizing downtime.
SECURE DEVELOPMENT, DEPLOYMENT, AND OPERATIONS
Secure SDLC
Goodwings implements a Secure Software Development Lifecycle (SDLC) to maintain platform integrity.
Regular Reviews
Application design, architecture, and features undergo regular security reviews by the Goodwings security team.
Static Code Analysis
Automated tools identify potential security bugs and vulnerabilities during development.
Uptime Monitoring
Continuous uptime monitoring ensures the platform remains operational, with alerts configured for immediate action during outages or performance degradation.
Secure Deployment
Pipeline Types
Release, bugfix, and hotfix pipelines track all changes at the PR level, ensuring accountability.
Role Segregation
Roles and permissions enforce segregation of duties for who can deploy code to production.
Secure Internal Resource Access
Internal access to the production environments is tightly controlled.
VPN Access
A Goodwings-managed SSL VPN server provides secure access to production endpoints for troubleshooting.
IAM Policies
Logical access to AWS resources is gated by IAM roles, adhering to the principle of least privilege.
Two-Factor Authentication (2FA)
2FA is enforced for access to the AWS management console and all administrative production systems, adding a layer of protection against unauthorized access even if a password is compromised.
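The IAM and 2FA requirements above can be expressed as policy rather than procedure, so that a session without MFA is denied by AWS itself regardless of what the role otherwise allows. The following is an added illustration, not Goodwings' actual policy; the statement ids, the action set and the region condition are assumptions. It pairs a narrow read-only grant scoped to eu-central-1 with an explicit deny of everything else whenever the session lacks MFA, leaving only the calls a user needs to enrol a device.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllWithoutMFA",
      "Effect": "Deny",
      "NotAction": [
        "iam:ListVirtualMFADevices",
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:GetUser",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    },
    {
      "Sid": "ReadOnlyProductionMetrics",
      "Effect": "Allow",
      "Action": [
        "rds:DescribeDBInstances",
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:RequestedRegion": "eu-central-1" }
      }
    }
  ]
}
```

The deny statement uses BoolIfExists rather than Bool so that credentials without the MFA context key at all, such as long-lived access keys used from a script, are also denied; the allow statement lists the specific read actions a troubleshooting role needs rather than a wildcard, which is what least privilege means in practice.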
Access Auditing
All access is monitored, logged and controlled to ensure compliance and security.