As a Software-as-a-Service (SaaS) company, we know that we live and die by our ability to both provide a great service for our users and safeguard the data that we've been entrusted with. There is no one without the other.
As we've grown, more and more large enterprises like Daimler have approached us eager to adopt Avocode into their design workflow. These companies typically have special security considerations, which means that they need to ensure they can trust Avocode with their confidential data.
So this brings up an interesting question - what does trust in an enterprise service provider actually entail?
For you to have peace of mind that your data is secure with Avocode, you need to trust:
- that our software development practices incorporate security at every level.
- that our access controls allow data to be accessed by only the employees who need it.
- that our operational security is effective at protecting your data from both internal and external threats.
- that we built our infrastructure in a reliable way so that your data is safe and available.
- etc., etc., etc.
This is precisely the reason why certifications exist - so that a trusted third-party can attest that appropriate procedures are in place to minimize the risk of security issues. We see a lot of value in these certifications and are actively working towards attaining them ourselves. But we also recognize that they aren't the endgame. Even certified organizations still ship code with security bugs or slip up in some other area (see: every major cybersecurity breach in the last 10 years).
We've made significant strides over the last few months to bolster our security and are excited to share two pillars in our approach to security: transparency and defense-in-depth.
Pillar 1: Transparency
Security has always been a core part of everything that we build, but we haven't done a very good job of telling that to the world. Back in October, our team sat down and started writing down everything that we already do to secure Avocode's infrastructure. Then we started combing through different industry-standard certifications, notably SOC 2, to see how we stacked up. We found that in many cases, we were meeting the requirement on a technical level but lacked formal documentation of the process. In some cases, we did come up short and we’ve been hard at work to mitigate those issues.
As part of our commitment to transparency, we took the relevant parts of this discovery and posted them publicly on our website. Some organizations may have more detailed questions about our approach to security, so please get in touch with us if you're interested in learning more.
Pillar 2: Defense-in-Depth
Most of our customers work in our public cloud and we spend a lot of time ensuring that our multi-tenant architecture is secure and that your organization’s data is just that ... yours. This is a continual investment for our team since the world of computer security changes so quickly.
As we’ve established, completely secure systems don’t exist. Therefore, the best security strategies rely on a concept called defense-in-depth. To understand this, you can think of your data as money inside of a bank vault. In order to gain access to that money without the proper credentials, you would have to bypass security guards, cameras, local police, multiple locked doors, and finally the bank vault door. Even if multiple defenses fail, the vault is still secure. In the same way, we employ multiple layers of security to help protect your data even if some part of our infrastructure is compromised.
Introducing Avocode Private Cloud
Over the past few months, we've been working hard to add a new layer to our defenses in order to further protect the data of our enterprise customers. So today, we’re introducing a new offering: Avocode Private Cloud.
So what exactly is it?
An Avocode Private Cloud is a completely isolated instance of Avocode that is dedicated to a single organization. You get all of the same great features as our public cloud offering but running in a single-tenant cloud environment. That means that it’s completely isolated from our public cloud, which provides both security and performance benefits.
Why are we offering the Private Cloud?
Placing trust in an enterprise service provider like Avocode is multifaceted, as we established earlier. We strive to demonstrate that we are worthy of that trust in many ways.
This journey started with talking to customers who had indicated that their corporate policies restricted them from uploading confidential designs to a third-party service. Our first idea was to bundle design parsers into the Avocode client so that designs could be imported and inspected completely offline. This solved the issue of keeping design files local and maintained the core functionality of Avocode, which was the Inspect Mode. But the offline nature of this solution meant that teams couldn’t collaborate with shared design files or make comments on designs, which turned out to be a dealbreaker. So, we went back to the drawing board. We knew that we wanted to offer the full Avocode experience without compromise while also providing enhanced security features that would allow IT departments to trust us.
The next solution that customers asked us to explore was on-premises deployment. In this model, the service provider packages up their application and allows the customer to run it on their own infrastructure. Some technology stacks are well-suited to this approach, such as a service running inside of a few virtual machines. Avocode’s stack, however, consists of dozens of services that are deployed in a Kubernetes cluster and depend on resources like object storage, databases, and Redis clusters. Getting all of this to run and be operationally sustainable in a non-cloud environment would be challenging.
So with the requirement of running in the cloud, we investigated different models of distributing Avocode. We settled on the solution that was simplest for us and also the simplest for our customers. When you sign up for Avocode Private Cloud, we will create a new cloud account and provision it with all of the infrastructure needed to run Avocode. This cloud account shares billing with our primary account but is otherwise completely self-contained. This new defensive layer provides isolation at the infrastructure level as opposed to just the application level, thus eliminating entire classes of security issues like cross-tenant privilege escalation.
How Avocode Private Cloud Works
Provisioning and maintaining many different instances of Avocode across cloud provider accounts requires a lot of automation. While we had some building blocks already in place, we then had to build new tooling and automation in order to support Avocode Private Cloud.
To set up a new Avocode Private Cloud, we first create a new cloud account. At this time, we run all private clouds on Amazon Web Services (AWS), though we have plans to offer the ability to deploy on Google Cloud Platform (GCP) in the future. In AWS, we create a subaccount whose billing is linked to our primary account.
We then use Terraform to provision all of the underlying infrastructure. This includes:
- a Virtual Private Cloud (VPC),
- a Postgres database (via Amazon RDS),
- a Kubernetes cluster (via Amazon EKS),
- IAM roles,
- service accounts,
- Redis instances (via Amazon ElastiCache),
- object storage buckets (via Amazon S3),
- and content delivery networks (via Amazon CloudFront).
All of these resources are modeled in a code repository that requires a review before any changes can be made.
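One check that a review gate on such a repository could run, shown here as an added example (not Avocode's tooling): it reads the JSON that `terraform show -json` produces for a plan and flags IAM roles whose trust policy names a wildcard or an account other than the tenant's own account and the management account. The account IDs, role names and sample plan are constructed for illustration.

```python
import json
import re

# Matches the account field of an ARN such as arn:aws:iam::111111111111:root
ARN_ACCOUNT = re.compile(r"arn:aws[\w-]*:[\w-]*:[\w-]*:(\d{12}):")

def principals(policy_json):
    """Yield every AWS principal named in an IAM policy document."""
    stmts = json.loads(policy_json).get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        princ = stmt.get("Principal", {})
        if princ == "*":
            yield "*"
        else:
            aws = princ.get("AWS", [])
            yield from ([aws] if isinstance(aws, str) else aws)

def foreign_trust(plan, allowed_accounts):
    """Return (address, principal) for each IAM role whose trust policy
    names a wildcard or an account outside allowed_accounts."""
    findings = []
    for rc in plan.get("resource_changes", []):
        policy = ((rc.get("change") or {}).get("after") or {}).get("assume_role_policy")
        if rc.get("type") != "aws_iam_role" or not policy:
            continue  # not a role, or the policy is unknown until apply
        for p in principals(policy):
            m = ARN_ACCOUNT.match(p)
            account = m.group(1) if m else (p if re.fullmatch(r"\d{12}", p) else None)
            if p == "*" or (account and account not in allowed_accounts):
                findings.append((rc["address"], p))
    return findings

def _role(address, principal):  # builds one constructed plan entry
    trust = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}]}
    return {"address": address, "type": "aws_iam_role",
            "change": {"actions": ["create"], "after": {"assume_role_policy": json.dumps(trust)}}}

# Constructed sample: tenant account 111111111111, management account 999999999999.
SAMPLE_PLAN = {"resource_changes": [
    _role("aws_iam_role.eks_nodes", {"Service": "ec2.amazonaws.com"}),
    _role("aws_iam_role.ops", {"AWS": "arn:aws:iam::999999999999:root"}),
    _role("aws_iam_role.design_sync", {"AWS": ["arn:aws:iam::222222222222:root"]}),
]}

if __name__ == "__main__":
    for address, principal in foreign_trust(SAMPLE_PLAN, {"111111111111", "999999999999"}):
        print(f"REVIEW: {address} trusts {principal}")
```

The same walk over `resource_changes` extends to bucket policies and other resource-based policies, which are the other place a cross-account grant can enter a single-tenant account.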
Once all of that is ready, we use Helm to provision all of our applications in Kubernetes. We maintain custom Helm packages in the same code-reviewed repository that we use for Terraform. We’ve spent a lot of time making sure that these applications use Kubernetes best practices, which helps to keep Avocode reliable and performant.
Each of these applications has environment-specific configuration that we can tailor to each customer. For example, if a customer needs to have even faster design processing (especially if they’re using our Cloud API), we can tweak the settings to maximize performance. Or if a customer wants to store designs in S3 buckets in their own cloud accounts, we can do that too.
At this point, everything is set up and our customer success team onboards the organization onto their shiny new Avocode Private Cloud. But the journey doesn't stop here!
Our customer success team is available to help out with any problems that you might face. We also have comprehensive infrastructure monitoring and alerting that notifies our on-call team if there are any problems. Your team is in good hands!