Security

Overview

Ambition applies security best practices for internal and customer-facing services so that customers can focus on their business. We implement these practices throughout every stage of handling your data... from receiving and processing to analytics and storage.

Our Commitment

We recognize that our product only works when people trust us. From data accuracy to account security, the only way we will truly be successful is to build a two-way relationship founded upon transparency, accountability, reliability, and quite frankly... honor.

Data Centers

Ambition's physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

ISO 27001

SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

PCI Level 1

FISMA Moderate

Sarbanes-Oxley (SOX)

Physical Security

Ambition utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

For additional information see: https://aws.amazon.com/security

Customer Application and Data Isolation

All customer data at Ambition is isolated with unique security credentials at each level including data upload, file storage, web application, data processing, and individual databases. All external web traffic uses HTTPS and all database connections use SSL to protect data in transit.

Vulnerability Reporting

To report a security vulnerability, the Ambition Security team can be reached at security@ambition.com.

For sensitive communication you may use the following PGP key. The fingerprint is

6B02 951A 19F8 B094 6A84 3D5C 5C7B E7E4 160D 5347