top of page

Security

We know how important it is to keep our customers' data secure.

Operations

Deployment

Testing

Development

Design

Requirements analysis

We keep security in mind at every step of our processes:

Security is assured at all layers:

Endpoint

Network

Infrastructure

Applications

Data

We constantly:

Document and review policies

Do risk assessment

Monitor I&B Platform environment

Access

Only authenticated users are allowed to have access to I&B Monitoring Platform.

Single sign-on option via Identity Providers: Google, GitHub, Microsoft and email authentication.

Access Control

Secure Login

Authenticated & Secured

Vulnerability Management

We audit the libraries and dependencies to manage vulnerabilities

Secret Management

Environment variables are stored with Google Cloud Platform Secret Manager

Environment Separation

Our Development, Stage and Production environments are separated

Broken Access Control

Security Misconfiguration

Software Supply Chain Failures

Cryptographic Failures

Injection

Insecure Design

Authentication Failures

Software or Data Integrity Failures

Security Logging and Alerting

Exception Mishandling

Application

We use web application firewall (WAF) to mitigate OWASP Web Application Security Risks:

Application Security

SOC 2

Data Center Security

Physical Access Control

Environmental Controls

System Monitoring

I&B monitoring hosts servers in SOC 2 certified data centers.

Infrastructure Security

HTTPS/TLS Encryption

  • All communications between user web interfaces and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks.

  • Any internal communications between APIs also are performed via HTTPS/TLS.

  • Any integrations with third party vendors are performed via HTTPS/TLS.

Encryption

All platforms and customers' data is encrypted at rest.

Access Control

Access to the production network is restricted on an explicit need-to-know basis, utilizes least privilege.

We use multiple factors of authentication for Employees accessing the production environment.

Cloud Security Tools

We use cloud providers' security tools and firewalls which monitor and/or block known malicious traffic and network attacks.

24/7 Security Team

The Security Team is on call 24/7 to respond to security alerts and events.

Network Security

Information Security

Risk Management

Asset Management

Access Control

Incident Management

ISO 27001

Security

Availability

Confidentiality

Processing Integrity

Privacy

SOC 2

We collaborate with SOC 2 and ISO 27001 certified vendors.

Vendor Compliance

bottom of page