Risk Assessment of the Platform
Architecture
Welcome is based on microservices, hosted on the AWS (Amazon Web Services) platform. The platform has undergone a Well-Architected Review, which we will also conduct at regular intervals to ensure the solution maintains a high level of security.
Welcome's microservices are built using modern IaC (Infrastructure as Code) pipelines. All services and resources are secured with a "least privilege" mindset, ensuring that developers and services do not have more access than strictly necessary to perform an operation.
Platform
Welcome Workdays runs on Amazon Web Services. AWS is designed to be the most secure cloud infrastructure platform. Some examples:
All security incidents are monitored in AWS Security Hub, and automated threat detection is integrated into the platform.
All secret parameters and keys remain encrypted throughout the entire lifecycle of building new versions and services.
User access is IAM role-based, meaning regular user accounts do not have access to any services but must assume a role with the appropriate permissions.
Traffic
All traffic sent to and from the solution is encrypted with SSL/TLS certificates. Internal traffic between the services within the solution is not open to the internet but occurs internally between the services on a closed network.
Code
All code is under version control and is automatically checked for new vulnerabilities, security errors, and security breaches.
Data
All production data is stored in AWS data centres in Stockholm.
Do you need help?
Chat with us via the AI chatbot at the bottom right of the screen, or send an email to support@welcomeworkdays.com.
