Security and data

Goodwings provides a comprehensive, secure, and cloud-based platform tailored to simplify corporate travel management while empowering businesses to measure, manage, and reduce their carbon footprint.

The platform’s success is built on partnerships with leading industry platforms, Spotnana and JTB Corporation, which bring unparalleled expertise to travel booking and ticket fulfillment.


Platform architecture

Goodwings combines AWS and Vercel to deliver a fast, secure, and scalable platform for managing corporate travel and carbon accountability. While AWS powers the back-end services, Vercel's globally distributed edge network ensures reliable and efficient front-end performance.

Goodwings' platform architecture leverages AWS infrastructure and industry best practices to ensure availability, scalability, and robust data protection.

 

Infrastructure and Network Architecture

Goodwings implements a tenant-based architecture where customer data is logically isolated within a shared database:

  • Front-End Hosting: Goodwings leverages Vercel's globally distributed edge network to deliver front-end applications with zero downtime and fast content delivery.

  • Back-End Hosting: All back-end infrastructure operates within the Amazon Web Services (AWS) eu-central-1 region, ensuring compliance with data residency requirements.

  • Availability Zones: Resources are distributed across three Availability Zones (AZs) for fault tolerance and high availability.

  • Dedicated VPCs: Separate Virtual Private Clouds (VPCs) are maintained for production and non-production environments, ensuring isolation and security.

  • Public and Private Subnets: Applications and services are strategically deployed in public subnets (for internet-facing components) and private subnets (for internally used services).

 

Environment Isolation

To maintain data integrity and security, Goodwings strictly separates production environments from non-production systems:

  • Production Environment: Operates independently within dedicated VPCs with restrictions on access and monitoring. 

  • Non-Production Environments: Environments for development, testing, QA, and staging remain isolated and do not contain real customer data.  

Secure Design

Role-Permission-Based Access Control

Goodwings uses a role-permission-based access control system to ensure users have access only to data and actions relevant to their roles. Users are divided into five predefined roles:

  • Root Admin: Has full administrative access to the entire system, including all data and configurations. 

  • Company Admin: Manages organizational settings, travel policies and user accounts for their specific company. 

  • Company Reporting Admin: Accesses company-level analytics, reports and carbon tracking data.

  • Travel Arranger: Handles bookings and travel arrangements for other users within the organization.

  • Traveler: Primary users who log in to search, book and manage their personal travel needs. 

Tenant Isolation

Goodwings employs a multi-tenant architecture that ensures logical isolation of customer data:

  • Data Segregation: All customer data resides in a single database but is logically segmented using tenant identifiers to ensure isolation and prevent unauthorized access between tenants.

  • Access Controls: Role-based access controls (RBAC) are enforced at the application layer, ensuring users can only access data specific to their tenant.

  • Monitoring and Auditing: All data access and interactions are logged and monitored to detect anomalies and ensure compliance with security standards.

  • Alerting Mechanism: In case of any unexpected suspicious events, alerts are sent to internal Slack channels, accessible exclusively by the Security team, for immediate manual investigation.
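
The pattern described above (one shared database, a tenant identifier on every row, role checks at the application layer, every decision logged) can be sketched as follows. This is an added example, not Goodwings' code: the role names come from this page, while the `bookings` table, the permission strings, the `Principal` type and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from dataclasses import dataclass

# Role names are from the page; the permission sets are assumed for this sketch.
ROLE_PERMISSIONS = {
    "root_admin": {"bookings:any_tenant"},
    "company_admin": {"bookings:company"},
    "company_reporting_admin": {"bookings:company"},
    "travel_arranger": {"bookings:company"},
    "traveler": {"bookings:own"},
}
AUDIT_LOG = []  # (user_id, tenant_id, decision) for every access attempt

@dataclass(frozen=True)
class Principal:
    user_id: int
    tenant_id: int  # taken from the authenticated session, never from the request
    role: str

def make_db():
    """Constructed sample data: two tenants (10 and 20) sharing one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (id INTEGER PRIMARY KEY, tenant_id INTEGER, user_id INTEGER, trip TEXT)")
    db.executemany("INSERT INTO bookings VALUES (?, ?, ?, ?)",
                   [(1, 10, 100, "CPH-BER"), (2, 10, 101, "CPH-LHR"), (3, 20, 200, "OSL-AMS")])
    return db

def list_bookings(db, who, tenant_id=None):
    """Return the bookings `who` may see; deny and log anything outside their tenant."""
    perms = ROLE_PERMISSIONS.get(who.role, set())  # unknown role: no permissions
    target = who.tenant_id if tenant_id is None else tenant_id
    if not perms or (target != who.tenant_id and "bookings:any_tenant" not in perms):
        AUDIT_LOG.append((who.user_id, target, "DENY"))  # candidate for an alert
        raise PermissionError("access denied")
    # The tenant filter is always part of the query; parameters are bound, not concatenated.
    sql, args = "SELECT id, trip FROM bookings WHERE tenant_id = ?", [target]
    if "bookings:own" in perms:
        sql += " AND user_id = ?"
        args.append(who.user_id)
    AUDIT_LOG.append((who.user_id, target, "ALLOW"))
    return db.execute(sql + " ORDER BY id", args).fetchall()
```

The point to check in any such design is that no query path can run without the tenant filter, and that denied cross-tenant requests leave a log entry that monitoring can alert on.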

 

Comprehensive Data Security

End-to-End Data Protection

Goodwings ensures that sensitive data is safeguarded throughout its lifecycle with robust encryption protocols and strict access controls: 

  • In-Transit Encryption: All data transmissions between services and external systems are secured with TLS 1.2.

  • Sensitive Data Encryption: Data stored in AWS services, such as RDS and ElastiCache (cache servers), is encrypted using AES-256 encryption via OpenSSL. Encrypted values are secured with a message authentication code (MAC) to prevent tampering.

  • Key Management: Encryption keys are securely managed and rotated following industry standards to ensure ongoing data protection.

 

System Monitoring and Automated Recovery

Goodwings maintains system stability and proactively mitigates issues with a combination of monitoring, logging, and recovery tools:

  • CloudWatch: Monitors resource utilization, system performance, and key application metrics. 

  • Automated Backups: Regular snapshots of RDS databases and S3 data ensure quick recovery in the event of failure. 

  • Incident Management: Alerts and escalation workflows enable rapid response to detected issues, minimizing downtime.

Secure Development, Deployment, and Operations

Secure SDLC

Goodwings implements a Secure Software Development Lifecycle (SDLC) to maintain platform integrity:

  • Regular Reviews: Application design, architecture, and features undergo regular security reviews by the Goodwings security team.

  • Static Code Analysis: Automated tools identify potential security bugs and vulnerabilities during development.

  • Uptime Monitoring: Continuous uptime monitoring ensures the platform remains operational, with alerts configured for immediate action during outages or performance degradation.

 

Secure Deployment

  • Pipeline Types: Release, bugfix, and hotfix pipelines track all changes at the PR level, ensuring accountability. 

  • Role Segregation: Roles and permissions enforce segregation of duties for who can deploy code to production. 

 

Secure Internal Resource Access

Internal access to the production environments is tightly controlled:

  • VPN Access: A Goodwings-managed SSL VPN server provides secure access to production endpoints for troubleshooting.

  • IAM Policies: Logical access to AWS resources is gated by IAM roles, adhering to the principle of least privilege.

  • Two-Factor Authentication (2FA): Enforced 2FA is required for accessing AWS management portals and all administrative production systems, providing an extra layer of security against unauthorized access.

  • Access Auditing: All access is monitored, logged and controlled to ensure compliance and security. 