USPX Security

Ambisafe
Jul 26

Security strategy

USPX tokens are being offered on Orderbook, a decentralized trading platform of a new generation. The most important difference from a security perspective is that the Orderbook team never has control over customers’ assets, unlike most of the existing custodial exchanges. This is well in line with the latest statement published by two leading U.S. regulators: the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). Non-custody is achieved by using smart contracts on the Ethereum blockchain that hold assets and process the transactions. Orderbook is developed by Ambisafe as a part of our core mission: making financial markets universally accessible.

The security of our clients’ data is our priority. Ambisafe and Orderbook take numerous physical, technical and organizational measures needed to safeguard our clients’ data. We use all reasonable efforts to protect our clients’ information in a highly secure data center, adhering to strict computer security standards. We enforce an internal Information Technology Cyber Security Policy designed to ensure that our customers’ information remains safe, secure and private.

Application security

Authentication

User passwords are never created, transmitted, or stored by Orderbook, as the password only leaves the user’s browser after being hashed by a strong algorithm (SHA-3).

Private key management

All transactions are signed client-side, and private keys never leave the browser in an unencrypted form. Orderbook uses a strong encryption algorithm to encrypt private keys before storage. The encryption key is derived from the user’s password using a PBKDF function.
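The client-side handling described under Authentication and Private key management, as an added example that is not Orderbook's code. It assumes SHA3-256 for the login hash, PBKDF2-HMAC-SHA256 as the PBKDF and AES-256-GCM as the cipher (the page names none of these); the iteration count and sample values are constructed, and Node's `crypto` module stands in for the browser.

```javascript
// Added example, not Orderbook code. Assumed primitives: SHA3-256,
// PBKDF2-HMAC-SHA256, AES-256-GCM. The page does not name them.
const nodeCrypto = require("node:crypto");

const PBKDF2_ITERATIONS = 600000; // assumed work factor, not from the page

// Value that leaves the client at login: a SHA-3 digest, never the password.
function loginHash(password) {
  return nodeCrypto.createHash("sha3-256").update(password, "utf8").digest("hex");
}

// Key-encryption key derived from the password and a per-user random salt.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Encrypt the private key before it is stored outside client memory.
function encryptPrivateKey(privateKeyHex, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(privateKeyHex, "hex")), cipher.final()]);
  return {
    salt: salt.toString("hex"),
    iv: iv.toString("hex"),
    ct: ct.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
  };
}

// Decrypt in the client; a wrong password fails the GCM tag check and throws.
function decryptPrivateKey(blob, password) {
  const key = deriveKey(password, Buffer.from(blob.salt, "hex"));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "hex"));
  decipher.setAuthTag(Buffer.from(blob.tag, "hex"));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, "hex")), decipher.final()]);
  return pt.toString("hex");
}

// Constructed sample values: not a real password or key.
const SAMPLE_PASSWORD = "correct horse battery staple";
const SAMPLE_PRIVATE_KEY = "11".repeat(32);
```

The login hash and the key-encryption key come from the same password through different functions, so the value sent at login is not the key that unlocks the stored blob.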

Secure browser connections

HTTPS provides a secure internet connection between the Orderbook application and a user’s local computer. This secure connection provides bidirectional encryption of communications.

Server hosting

Orderbook is built and hosted exclusively on the Google Cloud Platform (GCP). Thus, the physical security of Orderbook is equivalent to that of Google Cloud Platform, which Google uses to run its own services as well. For more information regarding Google Cloud Platform Security, please view Google’s own Security and Privacy Documentation: https://cloud.google.com/security/

High Availability

Orderbook tracks performance, errors, and uptime of the production systems using externally hosted commercial vendors and internally hosted open-source software. The production instance of the application runs on Google Cloud Platform for high availability, and critical data is backed up for recovery in the case of unexpected failures.

Backups

Database backups are performed daily and stored in two geographically distributed data centers.

Implementation

New system components pass internal code reviews to evaluate architecture and security. These focus primarily on how to prevent financial losses of users in the event of a successful attack. Proper encryption and key handling mechanisms are included to ensure that the fundamentals of good security are in place.

Testing

QA testing is performed before every release, in both an automated and a manual fashion. To guarantee extensive coverage, tests are based on checklists and focus on key components based on the risk analysis performed in the requirements phase.

Deployment

Secure methods of deployment that use full automation, encrypted network connections, logging, and monitoring ensure that code is deployed with appropriate evidentiary support for forensics and incident response. All deployments are logged and tested to confirm that the changes deployed match the expected changes.

People, organization and management

Ambisafe has a documented company structure. Each potential Ambisafe employee passes an established onboarding workflow, which includes security checks against public governmental records, getting references from previous employers and signing all required legal documents. Ambisafe has a dedicated team and does not use freelance contractors for engineering, management or support roles.

Communications

Ambisafe uses certified industry standard commercial providers to provide a secure and controlled work environment. The company communicates its policies, processes, procedures, commitments, and requirements to employees in a timely manner using established channels. Email, communication, blogging and social media activities are regulated by internal security policies.

Monitoring of controls

Environment

Only approved services are used to store, upload, convert, share or work with company data. Ambisafe uses certified industry standard commercial providers to provide a secure and controlled work environment. Checklist procedures for the employee offboarding process are defined to include proper and timely access termination to all Ambisafe and Orderbook systems.

Activities control

Ambisafe uses a commercial SaaS Operations Management (SOM) system to automate the operational admin and security tasks that are required to keep the employees’ activity in SaaS applications within the defined Information Technology Cyber Security Policy.

Operating effectiveness

C-level meetings are held regularly to ensure the operating effectiveness of the controls, directors and lead employees, and to take action to address deficiencies identified.

Access controls

Ambisafe uses automated software processes to launch, provision, deploy and update all versions of the Orderbook systems. DevOps engineers do not have direct access (such as SSH, Telnet or terminal) to these systems and do not perform any manual command line configuration.

Change management

Orderbook identifies the need for changes to the system through a dedicated Product Owner and makes the changes following a defined change management process, which follows best practices of software development and uses commercial bug tracking, issue tracking, and project management systems. To prevent unauthorized code changes, a version control system is used. The deployment process is fully automated and does not allow manual access to production servers.

Availability

The system is available for operation and use as committed in the Orderbook Terms of Service.

Processing integrity

Order processing by Orderbook is complete, valid, accurate, timely, and authorized. All these properties are guaranteed by the nature of smart contracts running on the Ethereum blockchain.

Confidentiality

An NDA is signed with every Ambisafe/Orderbook employee. Information designated as confidential is protected as committed in the Orderbook Privacy Policy. Due to the nature of a public blockchain, the proof of the transactions will be displayed on the Ethereum blockchain and will contain a unique digital identifier code (hash). Although the proof of the transaction is public, the identity of the participants will remain private. The private information will be stored by us in compliance with regulatory and industry standards.

Privacy

The system’s collection, use, retention, disclosure, and disposal of personal information are in conformity with the commitments in the Orderbook Privacy Policy and with criteria set in the General Data Protection Regulation (GDPR).
