Security at the Core
How Journera is approaching data security
Journera recognizes the value of travel provider data — that’s why we’re developing the industry’s first comprehensive platform that enables data to create better travel experiences. But with that opportunity comes an obligation to protect our publishers’ data carefully and persistently.
When it comes to data security, Journera has a few advantages that a legacy platform would not have. For starters, we have no legacy systems that force our design decisions. There are also no pre-existing business processes or poor user habits that are difficult to remove for fear of business disruption.
So, we are laser-focused on not just creating the world’s pre-eminent platform for travel data, but also the most technically advanced and secure platform on which it operates. Here’s how we’re doing it:
Security is a core feature of the Journera platform and any security vulnerability is considered a “critical bug”
Because security is a core feature, the Information Security team sits in on all architectural meetings with both the Operations and Development teams and ensures that security standards and controls are properly considered, planned for, and implemented before any project starts. Even when the smallest security vulnerabilities arise, we prioritize and mitigate them quickly.
Information Security reviews and tests all applications and critical code before they reach production
The earlier you find and remediate a security vulnerability within an application, the cheaper the remediation cost and the lower the impact on downstream systems. At Journera, we take this to heart and want to minimize the chances that any security vulnerability makes it into production. We test early and often.
Threat modeling is used to ensure that security is comprehensive
As Journera has developed its applications and infrastructure, we have used threat modeling to look at our resources through the eyes of a would-be attacker. This helps us identify possible threats and vulnerabilities as we design our applications and systems.
Finally, we have begun implementing the idea of a Zero Trust Network
Traditionally, network security models assumed that everything inside an organization’s network was trusted and therefore needed fewer security controls. In 2010, John Kindervag of Forrester proposed the concept of Zero Trust, which has a foundational principle of “never trust, always verify.” At Journera, we have implemented several concepts that adhere to this principle.
- Encryption is used during transport whenever technically possible. We believe that all traffic — even that which originates from, and is destined for, internal systems — should be encrypted. Why give an intruder more information than they need by allowing them to sniff plaintext data?
- Authentication is used for any non-public service. Any service that wasn’t designed to be public, the way a blog is, should require authentication. This is true whether the service is called by a user or another internal service.
- Multi-factor authentication is used at all critical access points. Any time someone enters the Journera network from the outside, or logs into a critical system, multi-factor authentication is required, greatly increasing the difficulty for would-be infiltrators.
Travel is an industry that will increasingly be driven by the power of its data to transform experiences. To fuel that transformation, we are at the forefront of the fight to keep travel data safe, secure, and working on behalf of our customers.