Follow us

Trust Centre

Overview

Here at Akeero we understand that our customers expect us to protect their data with the highest standards and are committed to providing them with a highly secure and reliable environment. Our security model and controls are based on international standards and industry best practices, such as ISO 27001 and OWASP Top 10. 

Our systems are hosted on multiple AWS Availability Zones. This allows us to provide a reliable service and keeps your data available whenever you need it. We have also established a disaster recovery site in another EU region.

The AWS data centers employ leading physical and environmental security measures, resulting in a highly secure and resilient infrastructure. 

Application Security

Akeero implements a security oriented design in multiple layers, one of which is the application layer. The Akeero application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.

Our controlled CI/CD process includes static code analysis, software composition analysis, vulnerability assessment, penetration testing, and more. 

Infrastructure Security

Another layer of security is the security of our infrastructure, which is protected with a defense-in-depth approach using a number of mechanisms, including:

  • Firewalls for enforcing IP whitelisting and access through permitted ports only, and only to and from defined network resources
  • DDoS mitigation and rate limiting
  • Continuous monitoring for early attack detection
  • Comprehensive logging of network traffic, both internal and at edge

Data Encryption

Sensitive information is encrypted both in transit and at rest:

  • Traffic is encrypted using TLS 1.2 with a modern cipher suite.
  • User data is encrypted at rest across our infrastructure using AES-256.

External Assessments

Independent third party assessments are crucial in order to get an accurate, unbiased understanding of an organisation’s security posture. Akeero conducts penetration tests on an annual basis or after any major change, both at the application and the infrastructure level, using highly qualified, independent assessors.

Access Control

We understand the importance of confidential information remaining confidential. We conduct periodic user entitlement reviews for our employees to ensure appropriate permissions are in place and in accordance with the principle of least privilege. Employees have their access rights promptly modified or terminated upon change in employment.

Vulnerability Disclosure

Akeero maintains a vulnerability disclosure program, allowing security researchers from around the world to ethically and responsibly research and disclose security vulnerabilities to our security team. For more information, check out our Vulnerability Disclosure Program section.

Physical Security

Akeero is a cloud-based company, with no part of our infrastructure retained on-premise. 

Akeero’s infrastructure is hosted on Amazon Web Services, where leading physical security measures are employed.

Backups

At Akeero we are committed to providing continuous and uninterrupted service to all our customers. We consistently backup user data every 5 minutes. All backups are encrypted and highly available for 35 days.

Security Awareness Training

Akeero understands that its security is dependent on its employees. Therefore, all our employees undergo thorough information security awareness training during onboarding. Further security training is provided on an annual basis at a minimum. Additionally, all employees must sign our Acceptable Use Policy.

Ready to jump onboard?

Akeero helps you design quickly and securely.