Security Architecture

Abstract

Cobalt Archive has been designed from the ground up to exceed the industry’s security best practices. The platform architecture works hand in hand with the infrastructure to comply with SEC and FINRA regulations, providing one of the most secure and robust archiving solutions on the market.

Infrastructure

Cobalt Archive’s infrastructure resides in a tightly locked down Virtual Private Cloud (VPC) hosted by AWS. Strict firewall rules are applied at both the subnet level (Network ACLs) and the instance level (Security Groups). These controls are much more restrictive than required and far exceed what is found in a typical SaaS deployment.

All stored data is encrypted using the industry-standard AES-256 algorithm, and all data communications are encrypted as well, so data is protected both at rest and in transit.

Additionally, any component that does not explicitly require a public IP address (as a load balancer does) is deployed into a private subnet within the VPC, offering a higher level of protection. These instances are not publicly accessible and can only be reached by an authorized user over a Virtual Private Network (VPN) connection. VPN connections authenticate with cryptographic key pairs combined with multi-factor authentication (the stronger TOTP variant, not SMS). Our servers likewise authenticate with key pairs (as opposed to passwords) and are only accessible through the VPN.

Archiving and Timestamping

As an archive platform, Cobalt Archive has been designed to meet SEC and FINRA compliance regulations by preserving the original content in Write Once Read Many (WORM) storage, ensuring that archived items are immutable: once an item is archived it cannot be modified in any way. The original content is indexed, timestamped, duplicated and can be made readily available to authorized users.

Cobalt Archive provides additional confirmation that archived content is stored in immutable form by using a blockchain concept known as Proof of Existence (POE). POE is a decentralized process that allows independent verification that an archived item existed in an unalterable state on a specific date, without disclosing the content of the document. This additional verification can be used to meet legal or auditing requirements.
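To show the mechanism behind a Proof of Existence check, here is an added illustration that is not Cobalt Archive’s own code: the archive publishes only a SHA-256 digest of each item together with a timestamp, and anyone holding the original bytes can later recompute the digest and confirm the item was anchored unchanged by a given date. The in-memory `LEDGER` list is a constructed stand-in for the public blockchain, and the helper names are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-in for the public, append-only ledger (the blockchain in a
# real POE scheme). It holds digests and timestamps only, never document bytes,
# so verification discloses nothing about the archived content.
LEDGER: list[dict] = []


def fingerprint(document: bytes) -> str:
    """SHA-256 digest of the exact archived bytes; acts as a commitment."""
    return hashlib.sha256(document).hexdigest()


def anchor(document: bytes, archived_at: int) -> dict:
    """Publish a digest plus a Unix timestamp (seconds) to the ledger.

    Hypothetical helper standing in for the blockchain transaction a real
    POE service submits. Returns the ledger entry handed to the customer
    as their audit record.
    """
    entry = {"digest": fingerprint(document), "timestamp": archived_at}
    LEDGER.append(entry)
    return entry


def verify(document: bytes, entry: dict) -> bool:
    """Independent check: recompute the digest and compare it to the entry.

    Any change to the document, even a single byte, yields a different digest
    and the check fails. Constant-time comparison avoids leaking how many
    leading bytes matched.
    """
    return hmac.compare_digest(fingerprint(document), entry["digest"])


def existed_by(document: bytes, deadline: int) -> bool:
    """Was this exact document anchored at or before `deadline` (Unix time)?"""
    return any(
        entry["timestamp"] <= deadline and verify(document, entry)
        for entry in LEDGER
    )
```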