DADO Security
This document outlines at a high level the security practices and measures that DADO, Inc. has in place.
1. Hosting
All of the DADO services are hosted in the United States via Amazon Web Services (AWS). The AWS facilities that we use are validated against NIST 800-53 and FedRAMP requirements. In addition, DADO services run on a “serverless” model, which lets AWS handle important tasks such as operating system updates, security of the host operating system, and many aspects of scalability, along with numerous other advantages.
2. Authentication of Users
To authenticate users who access DADO via the mobile or the web application, we rely on a hosted solution from AWS called Cognito. Cognito handles all parts of our authentication process, including password strength requirements, password resets, actual user login, secure storage of hashed passwords (no plain text passwords), etc. Cognito can also watch for suspicious login activity and other signs that an account has been compromised.
Cognito follows industry best practices for encrypting information while in transit and at rest.
3. Secure Connections
All communication between the DADO client applications and servers is encrypted using industry-standard 2048-bit SSL certificates.
4. Encryption at Rest
All files that are either uploaded or synced to DADO are not only encrypted when transported between computers but also encrypted before being stored in our application (at rest). This includes the optimized versions of the files that we’ve created for faster viewing and all thumbnail images that have been created to support our applications.