![]() ![]() remote invalidation of extant sessions upon password change/user deactivation.Client code utilizes multiple techniques to ensure that using the Alphacloud application is safe and that requests are authentic, including:.All requests are logged and made searchable to operations staff. Request-handling code paths have frequent user re-authorization checks, payload size restrictions, rate limiting where appropriate, and other request verification techniques. Exposed server endpoints are recurrently tested for vulnerabilities using multiple types of scanning software as well as manual testing.Prior to updating production services, all contributors to the updated software version are required to approve that their changes are working as intended on staging servers.All changes to source code destined for production systems are subject to pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.We maintain an SDLC process that ensures new systems or enhancements to existing systems that contain Confidential Information will have security controls defined and implemented prior to being placed into production.We limit access to Confidential Information based on the concept of “least privilege” (i.e., access on a “need to know” basis only).This includes access by applications, administrators and all users. We authenticate all access to any system containing Confidential Information.All employees and contractors that have access to Confidential Information are identified on systems with a unique ID.Access is removed immediately when employees and contractors that have access to Confidential Information are terminated.We maintain a formal process for registering and de-activating user accounts on systems.Actions of employees and contractors that have access to Confidential Information are monitored and logged.All employees and contractors sign non-disclosures (NDA) and confidentiality agreements.We conduct background checks on all employees and contractors that will be handling Confidential Information.We maintain a formal process for managing and protecting encryption keys which follows industry standards.Mobile devices such as: laptops, smartphones, tablets, USB drives.Electronic communications such as: email, fax, etc.Infrastructure components such as: servers, etc.Encryption methods are used while processing, transmitting or storing Confidential Information. ![]() We use approved encryption methods (256-bit encryption) using American National Standards Institute (ANSI), at a minimum, for transmitting Confidential Information.We maintain standard media handling procedures to protect Confidential Information that is stored on media.We adhere to a comprehensive security policy and procedures for handling Confidential Information that addresses secure methods for processing, transmitting and storing Confidential Information.All employees who handle Confidential Information are properly trained to secure our information while it is being processed, transmitted or stored.These procedures include labeling and handling techniques for information that contain Confidential Information. Information classification and handling procedures are implemented.All systems that contain Confidential Information are identified.Internal tier-to-tier requests are signed and authenticated to prevent request forgery, tampering, and replay.Our SSL certificates are 2048-bit RSA, signed with SHA256.Our web servers encrypt data in transit using the strongest grade of HTTPS security so that requests are protected from eavesdroppers and man-in-the-middle attacks.All servers that run Alphacloud software in production are recent, continuously patched Linux systems.continuous external and internal security camera surveillance.custom-designed electronic access cards.Technical and Organizational Measures (TOMs).Īlphacloud production data is processed and stored within world-renowned data centers (Amazon Web Services), which use state-of-the-art multilayer access, alerting, and auditing measures, including: Security Incident & Vulnerability Management. We operate a highly secure platform and store data securely with Amazon Web Services (AWS) while addressing all relevant legal, industry, and regulatory concerns around the world. Our services are built on Amazon Web Services, which is itself compliant with certifications such as SOC 2, CSA, ISO 27001, and more. We understand how critical maintaining consumer trust is and how trust is rooted first and foremost in protecting personal data. Alphacloud Technologies Pte Ltd(Alphacloud) cares about the security of our services and about the security of your data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |