Kyrosen

Security

At Kyrosen, we take security seriously, ensuring that our users, their data, and our services are protected with the highest standards of security protocols. This page outlines the key security practices we employ to safeguard our platform, protect user data, and ensure the reliability and safety of our services.

GDPR Compliant
CCPA Compliant

Data Security

Encryption

All data, both in transit and at rest, is encrypted using industry-standard protocols to ensure confidentiality and integrity:

  • In-Transit Encryption: We use TLS (Transport Layer Security) for all communications between our clients, API, and servers, preventing interception or tampering.
  • At-Rest Encryption: Data stored in our databases, including logs, is encrypted using AES-256 encryption, ensuring that even if data were accessed, it would remain unreadable.

Access Controls

  • Role-Based Access Control (RBAC): Our internal systems enforce strict access policies, ensuring that users only access the data necessary for their role.
  • Multi-Factor Authentication (MFA): MFA is enabled for sensitive operations, ensuring an extra layer of protection for accessing critical information and administrative areas.

Data Masking & PII Protection

Our platform detects and automatically masks Personally Identifiable Information (PII) during log processing. This helps prevent accidental exposure of sensitive data during analysis and storage processes.

Platform Security

Secure Development Practices

We follow the OWASP Top 10 guidelines to protect against common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and others. Our development pipeline includes:

  • Automated Security Testing: Continuous integration (CI) pipelines run automated security tests to catch vulnerabilities early in the development process.
  • Code Reviews & Audits: All code undergoes peer reviews, with particular attention to security vulnerabilities, logic flaws, and adherence to best practices.

Third-Party Integrations

We regularly vet and audit third-party services to ensure they adhere to the same security and privacy standards that we do. All third-party access is restricted and monitored.

Monitoring & Incident Response

Real-Time Monitoring

Kyrosen continuously monitors its infrastructure for any suspicious activity:

  • Anomaly Detection: We have implemented automatic detection for unusual patterns of behavior, such as unexpected spikes in access or requests that might indicate a security threat.
  • Intrusion Detection Systems (IDS): Our platform is integrated with advanced IDS tools that alert us to potential breaches or unusual network activity in real time.

Logging and Auditing

All platform activities are logged in a secure and tamper-proof manner, providing detailed audit trails for incident response. Logs are stored securely and reviewed periodically to ensure the integrity and reliability of the platform.

Incident Response Plan

We have a dedicated security team that monitors incidents 24/7. In the event of an attack or breach, we:

  • Respond immediately to contain the incident.
  • Notify affected parties and stakeholders as per regulatory requirements.
  • Perform root cause analysis and patch any identified vulnerabilities.

User Privacy & Compliance

We are fully compliant with data protection regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ensuring the highest standards of user privacy and data handling.

  • Data Ownership: Users maintain full ownership of their data. We do not use or share customer data with third parties without explicit consent.
  • Data Retention: User data is retained only as long as necessary to provide our services or as required by law. Users can request data deletion at any time.

Physical Security

Our cloud infrastructure is hosted on Amazon Web Services (AWS), which provides world-class physical security measures including:

  • 24/7 surveillance
  • Biometric access controls
  • Environmental controls to protect against physical damage (fire, flooding, etc.)

Regular Security Audits

Kyrosen undergoes regular third-party security audits to ensure that our platform is safe from vulnerabilities and meets industry standards. Our penetration tests and vulnerability assessments help to maintain a secure environment.

Contact Us

If you have any security concerns or wish to report a vulnerability, please contact our security team at security@kyrosen.com. We take all reports seriously and work swiftly to resolve any issues that may affect our users or platform.

By following these practices, Kyrosen is committed to providing a safe, secure, and reliable platform for our users to monitor, analyze, and manage their LLM systems.