Data Security & Blockchain

TYS information security policies have adopted COBIT principles to the largest extent possible. These include meeting stakeholders’ needs, covering an enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management.

TYS also follows the ISO standards of ISO 27001 (international information security standard), 27701 (privacy information management systems / GDPR) and 27014 (governance of information security), and ultimately plans to become ISO 27001 certified.

TYS is in the process of undergoing a SOC 2 audit certification and will conduct periodic audits in the future to ensure continued compliance.

No, it is not shared with everyone; data owners have control over who accesses the data they store in TYS. This is accomplished through user credentials, role-based access privileges and the sharing of cryptographic keys. When a user logs in, their credentials are validated and they are given access to the role(s) their organization administrator assigned. If they have the appropriate role, they are able to access the data of any organization that has given permissions to their organization, accomplished behind the scenes through the sharing of keys. For example, a user from a buyer org has access to data from all suppliers who have agreed to share their data with that buyer org.

While each member organization that operates a cluster will have a copy of the entire blockchain ledger on its nodes, they can only view a supplier’s data if the supplier gave them access as described. In the application, suppliers are only aware of buyers whom they’ve received an invitation from, and cannot see other suppliers. After receiving an invitation, a supplier can choose to share their detailed profile data with the buyer.

TYS complies with privacy laws such as GDPR and follows the ISO 27701 Privacy Information Management System international standard when managing PII data. Since blockchain ledgers are immutable, TYS stores PII information off-chain so that ‘Right to Forget’ and other subject rights outlined in GDPR can be met. PII data is encrypted with the data owner’s organizational keys and is under the control of the owner (i.e. Supplier or Buyer). It can be shared at will by the owner with other permissioned members of the TYS network and also deleted at will.

Yes. TYS data confidentiality is preserved by encrypting it whenever possible. Member organizations have keys that enable them to encrypt blockchain data and any PII data they commit off-chain. Other off-chain data is natively encrypted at rest, and data in transit is always protected using HTTPS or TLS.

Backup and recovery of the ledger is native to the blockchain and TYS implements this by having multiple nodes in different zones and regions, with an identical copy of the ledger on each. Any node that fails will automatically sync up with other nodes upon recovery to update its ledger, meaning every node is considered a backup and blockchain data processed by TYS is never lost.

Off-chain data is replicated in multiple instances of each off-chain database; some are read-only and one is read/write. Off-chain data is backed up every 24 hours and the backups retained for 30 days.

TYS tests all backup mechanisms once annually.

First-time users are emailed a registration link that leads them to a web page where they create a user ID and password. A 6-digit verification code is then sent to the email address to validate it, and the user must enter this to gain initial entry into the application.

Passwords must be 8 – 15 characters long, contain both upper and lowercase letters and a numerical digit, and be changed every 180 days. Passwords are always encrypted and their hashes stored off-chain.

SSO is enabled for TYS, using OpenID Connect or SAML. If utilized, users must observe their organization’s password rules.

TYS verifies the user’s ID, password hash, and existence of a valid X.509 certificate before granting application access and opening a new session. A user can only run one session at a time. Sessions are not open-ended: each user is issued a session token upon login that will expire once the length of a user’s inactivity exceeds a certain time, or if the user begins a new session outside of the current browser window.

TYS is hosted and maintained on IBM Cloud. All servers are currently in two IBM Data Centers – one in the U.S. and one in Europe – and are managed and operated by IBM. As such, they adhere to IBM physical policy guidelines and are protected against attacks, accidents and natural disasters. These security measures follow the NIST 800-53 PE security and privacy control framework as well as ISO 27001 A11 requirements.

TYS is integrating a primary web-app firewall in front of the node application HTTPS ports, and all public internet traffic will terminate at it. It will only allow HTTPS traffic to the TYS web server. There is also an IBM firewall internal to IBM Cloud IaaS, which uses three interfaces to protect TYS elements in the cloud.

More details, including a network diagram, available upon request.

TYS implements system hardening for the application and IBM Cloud implements it for the platform. TYS has applied the following key measures to improve hardening:
• User logins are configured to use MFA or SSO.
• Users need valid credentials to access the platform. The system will reject and keep a record of all invalid logins.
• User passwords must follow set rules.
• A web-app firewall will limit access to the environment and enforce several rules including DDos parameters.
• TYS components run inside monitored Kubernetes clusters.
• All blockchain node cluster IP addresses are whitelisted.
• Integrated SIEM tools provide intrusion detection and alerting.
• Antivirus software is in place on developer machines and for PDF document uploads.
• Blockchain nodes back each other up in the event of a failure of a single node, zone, or region, and IBM backs up off-chain data every 24 hours and retains the backups for 30 days.
• All keys are stored in a separate instance of the offchain database, encrypted at rest, and integrated with a key management service.
• Code deployed on the system is subject to code reviews and static code scanning tools. Dynamic code scanning occurs through internal and external service provider penetration tests.

TYS developer laptops are equipped with anti-virus software and developers use npm scan tools to prevent malicious JavaScript packages from being injected into the application’s code.

An antivirus engine (ClamAV) scans PDF documents prior to upload to TYS, and the engineering team is in the process of installing anti-virus software for the application as a whole.

Yes: TYS has a complete Business Continuity Plan and regularly updates it. TYS has documented its overall BCP process and trained TYS support and operations personnel on it. TYS will conduct annual BCP drills, including DAST and SAST application security testing, and remediate any vulnerabilities found during them.

Yes: TYS has approved a Security Incident Management Plan, which is in place and will undergo revisions as future requirements are defined. It follows ISO/IEC Standard 27035 security incident guidance, which includes a recommended five-step process of preparing for incidents, monitoring and reporting incidents, assessing and working out how to mitigate incidents, responding by resolving incidents, and documenting lessons learned. Any user of the TYS network can report an observed incident, and incidents are logged in a tracking tool and classified with a severity level, with SLAs based on the severity level.

TYS is in the process of configuring SIEM tools that perform several functions, including monitoring network traffic to and from the Kubernetes clusters, identifying attacks and potentially compromised assets, and looking at activity logs for unauthorized or suspicious user or application access and changes to IBM Cloud resources.

More details available upon request.

The TYS network is in the process of setting up and migrating to the IBP 2.0 high availability blockchain configuration. The blockchain ledger is identical on all nodes by default, so any node that fails can automatically sync up with other nodes upon recovery and update its ledger. TYS is distributing nodes across multiple zones and regions to allow for redundancy if a zone or region goes down. Otherwise, the TYS team will attempt to resolve a critical severity 1 incident within 24 hours.

TYS tests backup/restore processes and redundancy annually.

All TYS employees must complete a mandatory, custom security training program consisting of 23 modules on topics from malware to GDPR to general security awareness.

The full list of modules is available upon request.