Dedicated Security Team
Our dedicated Information Security team reviews the processes established for Information and Data Security periodically. It also audits adherence to processes by different departments. The Information Security team establishes and propagates the best practices of Information Security throughout the organization.
Infrastructure
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Our service is built on Amazon Web Services and Microsoft Azure, which are certified by several standards like ISO 270001, SOC2, SOC3 etc. They provide strong security measures to protect our infrastructure.
Network level security monitoring and protection
All the resources inside the datacenter are secured using a Virtual Private Cloud (VPC). Firewalls are configured to allow traffic to only required endpoints. The entire VPC is monitored by a Learning Intrusion Detection System (IDS) which analyses the network flow logs of VPC and raises alarms on any detected suspicious activity.
Data encryption
All the product services are delivered using Encrypted SSL communication using TLS 1.0, TLS 1.1 and TLS 1.2. Secret keys, and other confidential information, are secured using a centralized Secrets Manager. The files stored in the cloud storage, and are encrypted using server side encryption using AES-256 encryption. The data stored in the databases are encrypted using block-level encryption.
Business continuity and disaster recovery
We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.
User protection
Role-based access control (RBAC) is offered on all our accounts and allows our users to define roles and permissions.
Employee access
Our strict internal procedure prevents any employee or administrator from gaining access to user data. Limited exceptions can be made for customer support.
All our employees sign a Non-Disclosure and Confidentiality Agreement when joining the company to protect our customers’ sensitive information.