Security and data

Goodwings provides a comprehensive, secure, and cloud-based platform tailored to simplify corporate travel management while empowering businesses to measure, manage, and reduce their carbon footprint.

Platform architecture

Goodwings combines AWS and Vercel to deliver a fast, secure, and scalable platform for managing corporate travel and carbon accountability. AWS powers the back-end services, while Vercel's globally distributed edge network delivers reliable and efficient front-end performance. Goodwings' platform architecture builds on AWS infrastructure and industry best practices to ensure availability, scalability, and robust data protection.

Goodwings architecture structure

Infrastructure and Network Architecture

Goodwings implements a tenant-based architecture where customer data is logically isolated within a shared database.

Front-End Hosting

Goodwings leverages Vercel's globally distributed edge network to deliver front-end applications with zero downtime and fast content delivery.

Back-End Hosting

All back-end infrastructure operates within the Amazon Web Services (AWS) eu-central-1 region, ensuring compliance with data residency requirements.

Availability Zones

Resources are distributed across three Availability Zones (AZs) for fault tolerance and high availability.

Dedicated VPCs

Separate Virtual Private Clouds (VPCs) are maintained for production and non-production environments, ensuring isolation and security.

Public and Private Subnets

Applications and services are deployed in public subnets (for internet-facing components) and private subnets (for internal services that are not reachable from the internet).

Environment Isolation

To maintain data integrity and security, Goodwings strictly separates production environments from non-production systems.

Production Environment

Operates independently within dedicated VPCs, with restricted access and monitoring.

Non-Production Environments

Environments for development, testing, QA, and staging remain isolated and do not contain real customer data.


SECURITY DESIGN

Role-Permission-Based Access Control

Goodwings uses a role-permission-based access control system to ensure users have access only to data and actions relevant to their roles. Users are divided into five predefined roles.

Root Admin

Has full administrative access to the entire system, including all data and configurations.

Company Admin

Manages organizational settings, travel policies and user accounts for their specific company.

Company Reporting Admin

Accesses company-level analytics, reports and carbon tracking data.

Travel Arranger

Handles bookings and travel arrangements for other users within the organization.

Traveler

Primary users who log in to search, book and manage their personal travel needs.

Tenant Isolation

Goodwings employs a multi-tenant architecture that ensures logical isolation of customer data.

Data Segregation

All customer data resides in a single database but is logically segmented using tenant identifiers to ensure isolation and prevent unauthorized access between tenants.

Access Controls

Role-based access controls (RBAC) are enforced at the application layer, ensuring users can only access data specific to their tenant.
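As an added illustration of the two points above (this is example code, not Goodwings' own; the roles follow the list on this page, while the bookings table, the `Store` type and the sample rows are constructed), the Go program below shows the pattern: every read is scoped by the tenant identifier taken from the authenticated session before any role rule is applied, a booking that lives in another tenant is reported exactly like a missing one, and the tenant on a newly written row comes from the principal rather than from request input.

```go
package main

import (
	"errors"
	"fmt"
)

// Role models the five predefined roles listed on the page.
type Role int

const (
	RootAdmin Role = iota
	CompanyAdmin
	CompanyReportingAdmin
	TravelArranger
	Traveler
)

// Principal is the authenticated caller. TenantID and Role come from the
// server-side session, never from request parameters, so a caller cannot
// choose which tenant a query runs against.
type Principal struct {
	UserID   string
	TenantID string
	Role     Role
}

// Booking is a row in the shared bookings table (constructed for this
// example). TenantID is the tenant identifier column that segments the data.
type Booking struct {
	ID         string
	TenantID   string
	TravelerID string
	Route      string
}

var (
	ErrNotFound  = errors.New("booking not found")
	ErrForbidden = errors.New("role may not perform this action")
)

// Store stands in for the shared database.
type Store struct{ bookings []Booking }

// NewSampleStore returns constructed sample rows for two tenants.
func NewSampleStore() *Store {
	return &Store{bookings: []Booking{
		{ID: "b-100", TenantID: "acme", TravelerID: "alice", Route: "CPH-BER"},
		{ID: "b-101", TenantID: "acme", TravelerID: "bob", Route: "CPH-LHR"},
		{ID: "b-200", TenantID: "globex", TravelerID: "carol", Route: "AMS-MAD"},
	}}
}

// visible returns the rows p may read. The tenant filter runs first for every
// role except RootAdmin, so rows of other tenants never reach the role rules.
func (s *Store) visible(p Principal) []Booking {
	var out []Booking
	for _, b := range s.bookings {
		if p.Role != RootAdmin && b.TenantID != p.TenantID {
			continue // tenant isolation: other tenants' rows are invisible
		}
		if p.Role == Traveler && b.TravelerID != p.UserID {
			continue // travelers only see their own bookings
		}
		out = append(out, b)
	}
	return out
}

// GetBooking looks up one booking by ID on behalf of p. A booking in another
// tenant, or one p's role may not see, is reported exactly like a missing one
// so the response does not reveal that the ID exists elsewhere.
func (s *Store) GetBooking(p Principal, id string) (Booking, error) {
	for _, b := range s.visible(p) {
		if b.ID == id {
			return b, nil
		}
	}
	return Booking{}, ErrNotFound
}

// ListBookings returns every booking p may see.
func (s *Store) ListBookings(p Principal) []Booking { return s.visible(p) }

// CreateBooking writes a new row. The tenant identifier is copied from the
// principal and never accepted from the caller, so input manipulation cannot
// file a booking under another tenant. Cross-tenant writes by RootAdmin are
// not modelled here.
func (s *Store) CreateBooking(p Principal, id, travelerID, route string) (Booking, error) {
	switch p.Role {
	case Traveler:
		if travelerID != p.UserID {
			return Booking{}, ErrForbidden // travelers book only for themselves
		}
	case TravelArranger, CompanyAdmin:
		// may book for other users, still confined to p.TenantID below
	default:
		return Booking{}, ErrForbidden // reporting admin is read-only
	}
	b := Booking{ID: id, TenantID: p.TenantID, TravelerID: travelerID, Route: route}
	s.bookings = append(s.bookings, b)
	return b, nil
}

func main() {
	s := NewSampleStore()
	alice := Principal{UserID: "alice", TenantID: "acme", Role: Traveler}
	_, err := s.GetBooking(alice, "b-200") // globex row: invisible to acme
	fmt.Println("cross-tenant lookup:", err)
	arranger := Principal{UserID: "dave", TenantID: "acme", Role: TravelArranger}
	fmt.Println("arranger sees", len(s.ListBookings(arranger)), "acme bookings")
}
```

The point worth copying is the order of checks: the tenant predicate is part of every query path, not a condition bolted on per endpoint, and the tenant value is never read from the request.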

Monitoring and Auditing

All data access and interactions are logged and monitored to detect anomalies and ensure compliance with security standards.

Alerting Mechanism

When suspicious or unexpected events are detected, alerts are sent to internal Slack channels accessible only to the Security team for immediate manual investigation.


COMPREHENSIVE DATA SECURITY

End-to-End Data Protection

Goodwings ensures that sensitive data is safeguarded throughout its lifecycle with robust encryption protocols and strict access controls:

In-Transit Encryption

All data transmissions between services and external systems are secured with TLS 1.2.

Sensitive Data Encryption

Data stored in AWS services such as RDS and ElastiCache (cache servers) is encrypted using AES-256 via OpenSSL. Each encrypted value carries a message authentication code (MAC), so a value that has been tampered with is detected and rejected rather than decrypted.

Key Management

Encryption keys are securely managed and rotated following industry standards to ensure ongoing data protection.
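The two points above (AES-256 with a MAC, and key rotation) can be shown together in one small program. This is an added example, not Goodwings' implementation: the page does not state the cipher mode or the key-management details, so the code assumes AES-256 in CTR mode with an HMAC-SHA256 tag computed over the ciphertext (encrypt-then-MAC), a 4-byte key ID stored with each value so that data encrypted before a rotation still decrypts, and fixed sample keys constructed in `SampleKey`. It uses Go's standard library rather than OpenSSL.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Key pairs one AES-256 data key with an independent HMAC key (from a KMS in
// production; SampleKey constructs fixed ones for this example only).
type Key struct {
	ID     uint32
	EncKey []byte // 32 bytes -> AES-256
	MacKey []byte // 32 bytes -> HMAC-SHA256
}

// SampleKey is constructed test material: never derive real keys this way.
func SampleKey(id uint32, seed byte) Key {
	return Key{ID: id, EncKey: bytes.Repeat([]byte{seed}, 32), MacKey: bytes.Repeat([]byte{^seed}, 32)}
}

// KeyRing uses the current key for new writes and keeps retired keys so that
// values encrypted before a rotation still decrypt.
type KeyRing struct {
	keys    map[uint32]Key
	current uint32
}

func NewKeyRing(k Key) *KeyRing {
	return &KeyRing{keys: map[uint32]Key{k.ID: k}, current: k.ID}
}

// Rotate makes k the key for new encryptions; older keys remain readable.
func (r *KeyRing) Rotate(k Key) { r.keys[k.ID] = k; r.current = k.ID }

var ErrTampered = errors.New("ciphertext rejected: unknown key or MAC mismatch")

const hdrLen = 4 + aes.BlockSize // key ID || IV

// Encrypt returns keyID(4) || IV(16) || AES-256-CTR ciphertext || HMAC-SHA256
// tag(32). The tag covers key ID, IV and ciphertext (encrypt-then-MAC), so a
// value altered in storage is rejected before any decryption is attempted.
func (r *KeyRing) Encrypt(plaintext []byte) ([]byte, error) {
	k := r.keys[r.current]
	block, err := aes.NewCipher(k.EncKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, hdrLen, hdrLen+len(plaintext)+sha256.Size)
	binary.BigEndian.PutUint32(out, k.ID)
	if _, err := rand.Read(out[4:hdrLen]); err != nil { // fresh random IV per value
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, out[4:hdrLen]).XORKeyStream(ct, plaintext)
	out = append(out, ct...)
	mac := hmac.New(sha256.New, k.MacKey)
	mac.Write(out)
	return mac.Sum(out), nil // Sum appends the tag to out
}

// Decrypt verifies the tag in constant time and only then decrypts. A value
// under an unknown (revoked) key ID fails the same way as a tampered one.
func (r *KeyRing) Decrypt(msg []byte) ([]byte, error) {
	if len(msg) < hdrLen+sha256.Size {
		return nil, ErrTampered
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	k, ok := r.keys[binary.BigEndian.Uint32(body[:4])]
	if !ok {
		return nil, ErrTampered
	}
	mac := hmac.New(sha256.New, k.MacKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrTampered
	}
	block, err := aes.NewCipher(k.EncKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-hdrLen)
	cipher.NewCTR(block, body[4:hdrLen]).XORKeyStream(pt, body[hdrLen:])
	return pt, nil
}

func main() {
	ring := NewKeyRing(SampleKey(1, 0x11))
	ct, _ := ring.Encrypt([]byte("passport no. X1234567")) // constructed sample value
	ct[len(ct)-sha256.Size-1] ^= 0x01                      // one byte altered in "storage"
	_, err := ring.Decrypt(ct)
	fmt.Println("altered value:", err)
}
```

Two design choices matter for the defender: the MAC is checked with `hmac.Equal` before any decryption, so an altered byte in the database yields `ErrTampered` and never a partially decrypted value, and the key ID travels with the ciphertext, which is what lets a rotation introduce a new key for writes without re-encrypting every stored value first.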

System Monitoring and Automated Recovery

Goodwings maintains system stability and proactively mitigates issues with a combination of monitoring, logging, and recovery tools:

CloudWatch

Monitors resource utilization, system performance, and key application metrics.

Automated Backups

Regular snapshots of RDS databases and S3 data ensure quick recovery in the event of failure.

Incident Management

Alerts and escalation workflows enable rapid response to detected issues, minimizing downtime.


SECURE DEVELOPMENT, DEPLOYMENT, AND OPERATIONS

Secure SDLC

Goodwings implements a Secure Software Development Lifecycle (SDLC) to maintain platform integrity.

Regular Reviews

Application design, architecture, and features undergo regular security reviews by the Goodwings security team.

Static Code Analysis

Automated tools identify potential security bugs and vulnerabilities during development.

Uptime Monitoring

Continuous uptime monitoring ensures the platform remains operational, with alerts configured for immediate action during outages or performance degradation.

Secure Deployment

Pipeline Types

Release, bugfix, and hotfix pipelines track all changes at the pull request (PR) level, ensuring accountability for every change that reaches production.

Role Segregation

Roles and permissions enforce segregation of duties over who can deploy code to production.

Secure Internal Resource Access

Internal access to the production environments is tightly controlled.

VPN Access

A Goodwings-managed SSL VPN server provides secure access to production endpoints for troubleshooting.

IAM Policies

Logical access to AWS resources is gated by IAM roles, adhering to the principle of least privilege.

Two-Factor Authentication (2FA)

2FA is enforced for access to the AWS management portals and all administrative production systems, providing an extra layer of protection against unauthorized access.

Access Auditing

All access is monitored, logged and controlled to ensure compliance and security.