Security white paper

High Level Application Architecture

Application has been developed using LAMP (Linux, Apache, MySQL, PHP) technology stack. PHP based MVC framework YII2 has been used to develop the application.
This is a SaaS application developed using a Multi-tenant database. The DB has been architected using single shared DB per tenant architecture. There is logical separation in client data based on client based identifier in the DB tables.

A single, shared database schema
A schema is a layout for database tables that relate to each other. In the first approach, one database is used with tenant tables all linked to the database. The tables handle relations and version control or updates, such as handling two people attempting to manipulate the same table or data entry. This is the fastest way to operate, since only one database is being used, assuming it scales.

Application is hosted on AWS infrastructure.

  1. Application/ Web server is hosted on EC2 instance
  2. MySQL DB is hosted on RDS
  3. Application uses SSL for information encryption on the network.

Application Implementation and flow

Innovation Champion (indicated by 1 in above diagram)

  1. Innovation Innovation Champion initially registers with their email
  2. Email verification for the Innovation Champion is done. Also only company based email accounts are allowed common email servers like gmail, outlook are not allowed
  3. Post email verification, Innovation Champion can setup company account and import employee and Functional expert accounts
  4. Can only view and work on the data related to the current company they setup

Functional Experts (indicated by 2 in above diagram)

  1. Experts get email invitation to join the platform (with login and password)
  2. Experts can join the platform and later modify the password as needed.
  3. Can only view and work on the data related to the current company they are invited and registered with

Employee (indicated by 3 in above diagram)

  1. Employees receive email invitations from the Innovation Champion.
  2. Based on the invite they complete the registration process. Cannot change the email while registering.
  3. They set up their own password in account creation process
  4. Can only view and work on the data related to the current company they are invited and registered with
Basecamp white paper