Encryption keys are managed via AWS Key Management System (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Storyline. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs.
Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.
Storyline requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
Storyline uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include: