The core of our business is combining raw data and turning it into smart data for better decision-making. It is crucial to keep this data safe and secured. We are utilizing one of the best and certifiably secure infrastructure providers for our products and services. We are also taking proactive measures in fortifying the parts that fall under our responsibility.

“At Awake.AI, we have implemented a security-first mindset throughout our organization, to keep our products and services safe and secured.” – Karo Vallittu, Head of Security, Awake.AI

Security of our products and services are built from the ground up, and following a systematic design principle. Security is present at every step in our products’ life cycle, all the way from planning to operation. And as the core of our business is all about combining vast amounts of raw data, and turning it into smart data for better decision-making, we have a deep understanding of how crucial it is to keep this data safe and secured. We are diligently working to uphold this way of operating each and every day.


Knowing is half the battle


As our products and services come from the hearts and minds of our developers, empowering and arming them with the right security tools and required knowledge as early as possible, is fundamental in integrating security into the development process.

Before even a single line of code is written here at Awake.AI, our developers have all participated in an internal security awareness program. In addition to this security training, our R&D personnel have their own security development material and guides to follow in each process.

We have a security team at Awake.AI which constantly follows threat intelligence sources and vulnerability bulletins and takes immediate action if necessary. If there is any indication of a threat vector relevant to us, this information is promptly delivered to the developers who will apply the required changes. As another internal security process, we require multi-factor authentication for all personnel that are responsible for the Awake platform. Also, our product user accounts are completely separated from the administrative accounts.

Building security in


The cost of implementing security rises as a function of time. The later security functions are designed and implemented, the harder and costlier it gets. Thus at Awake.AI, we select the earliest possible moment to begin the security integration to our products. We instill security imperatives in the minds of our developers before they have even started writing their programs.

For the development work, code linters are used to detect security affecting practices during the code writing process. This helps the developers to avoid the most common mistakes. As modern programming leverages the previous work done by others, it is also crucial to diligently inspect this previous work. For this purpose the code dependencies are being monitored and alerts are raised, if vulnerable components are detected. This same methodology is also applied to the containers used by the microservices.

The Awake platform is built on AWS cloud infrastructure. This allows the utilization of high availability hardware and architecture to safeguard the availability of our products and services. The AWS infrastructure has been certified in its security and thus proving the confidentiality and integrity as the bedrock of our platform. At Awake.AI, we also take heed of the infrastructure service provider’s guidelines and security tools. Adhering to the security controls of the “Center for Internet Security” is important to us. For maximizing the security throughput and minimizing human error, we are using automation as often as possible and in every stage of the product development.


Checks and balances


Comprehensive monitoring is essential in today’s security landscape. At Awake.AI, new features are rigorously tested from all angles before the production releases, guaranteeing the seamless functionality of the product. For the service availability, microservice resources and health are constantly being supervised, and any deviations from the normal behavior will trigger alarms. For confidentiality and integrity, the cloud infrastructure is monitored for security related events, such as unauthorized access attempts and other unusual activities. We also keep a constant eye on the externally available interfaces, for example evaluating the state of traffic encryption.


Gearing up for cyber resilience


However, as it is virtually impossible to build an impenetrable digital fortress, we are designing all our systems and processes for cyber resilience. It is about anticipating inevitable threats in all fronts, rapidly identifying them, reacting to them and planning for a quick recovery - thus ensuring continuous services throughout their life cycle.

Cyber resilient businesses can operate better during cyber attacks, thus offering a better service to their customers and gain trust. These businesses can also come up with new innovations faster to the market and enjoy first-mover advantage.

Conclusion

To summarize the numerous controls implemented at Awake.AI, see the following list:

  • Customer data encryption in transit and storage.

  • Requirements of authentication for data access are in place.

  • Audit trail implementations for data access attempts.

  • Least-privilege role-based models for authorizing data access.

We are utilizing one of the best and certifiably secure infrastructure providers for our products and services. We are also taking proactive measures in fortifying the parts that fall under our responsibility. Security is the utmost concern to all of us at Awake.AI. One of our key objectives is to design and develop products and services that are safe and secure, so that you can sleep your nights peacefully.


Karo Vallittu

Head of Security, Awake.AI

karo.vallittu@awake.ai