Here at Akeero, we understand that our customers expect us to protect their data to the highest standards, and we are committed to providing them with a highly secure and reliable environment. Our security model and controls are based on international standards and industry best practices, such as ISO 27001 and OWASP Top 10.
Our systems are hosted on multiple AWS Availability Zones. This allows us to provide a reliable service and keeps your data available whenever you need it. We have also established a disaster recovery site in another EU region.
The AWS data centers employ leading physical and environmental security measures, resulting in a highly secure and resilient infrastructure.
Akeero implements a security-oriented design in multiple layers, one of which is the application layer. The Akeero application is developed according to the OWASP Top 10 framework, and all code is peer reviewed prior to deployment to production.
Our controlled CI/CD process includes static code analysis, software composition analysis, vulnerability assessment, penetration testing, and more.
Another layer of security is the security of our infrastructure, which is protected with a defense-in-depth approach using a number of mechanisms, including:
- Firewalls for enforcing IP whitelisting and access through permitted ports only, and only to and from defined network resources
- DDoS mitigation and rate limiting
- Continuous monitoring for early attack detection
- Comprehensive logging of network traffic, both internal and at the edge
Sensitive information is encrypted both in transit and at rest:
- Traffic is encrypted using TLS 1.2 with a modern cipher suite.
- User data is encrypted at rest across our infrastructure using AES-256.
Independent third-party assessments are crucial to getting an accurate, unbiased understanding of an organisation’s security posture. Akeero conducts penetration tests on an annual basis or after any major change, both at the application and the infrastructure level, using highly qualified, independent assessors.
We understand the importance of confidential information remaining confidential. We conduct periodic user entitlement reviews for our employees to ensure appropriate permissions are in place and in accordance with the principle of least privilege. Employees have their access rights promptly modified or terminated upon change in employment.
Akeero maintains a vulnerability disclosure program, allowing security researchers from around the world to ethically and responsibly research and disclose security vulnerabilities to our security team. For more information, check out our Vulnerability Disclosure Program section.
Akeero is a cloud-based company, with no part of our infrastructure retained on-premise.
Akeero’s infrastructure is hosted on Amazon Web Services, where leading physical security measures are employed.
At Akeero, we are committed to providing continuous and uninterrupted service to all our customers. We consistently back up user data every 5 minutes. All backups are encrypted and highly available for 35 days.
Security Awareness Training
Akeero understands that its security is dependent on its employees. Therefore, all our employees undergo thorough information security awareness training during onboarding. Further security training is provided on an annual basis at a minimum. Additionally, all employees must sign our Acceptable Use Policy.