Advantages for maritime actors
Our unique understanding of maritime digitalization and tailored solutions provide our customers with faster port calls, better decision-making and highly improved situational awareness.
Transitioning to a sustainable maritime industry is at the center of our vision.
AI-DRIVEN
Most accurate and reliable event predictions
TRUSTED
Neutral and secure platform keeping the data you share safe
CUSTOMERS
Security and trust
in Awake.AI
At Awake security and trust are key tenets in building our ecosystem
SECURITY
Training and design
Awake.AI has dedicated security training for developers and threat modelling is part of the system design life-cycle.
Infrastructure security
The Awake ecosystem is constantly monitored and evaluated against industry best practices such as 'Center for Internet Security' and 'AWS foundational security' controls. Status of these controls are verified several times every day and infrastructure security controls are one of Awake ecosystems key performance indicators
Development, testing and production environments are separated
Network segmentation is in place
Security testing
Awake ecosystem executes continuous security tests in it's build and production systems to catch errors and vulnerabilities as early as possible. Continuous security tests are testing both new code being introduced in the system and already running production systems.
Code quality and security tests during development process
Automated security and dependency scans for deployments
Periodic container and application security scans
Role based access controls and MFA
All internal and external access to Awake ecosystem follow role based access models and are constantly monitored for anomalies. All internal access requires use of two factor authentication.
Data encryption
Customer data management
All data in the Awake ecosystem is encrypted both at rest and during transit.
We utilise only Perfect Forward Secrecy ciphers in our transit encryption protocols
We utilise modern encryption algorithms
Encryption extends also to backups
All customer data in the Awake ecosystem is classified and placed in registries with corresponding classifications. All access to customer data registries requires authentication and authorization with role based identities.
PRIVACY
Awake.AI is complying with GDPR regulations and customer privacy is one of our top priorities.
Compliance
Awake ecosystem runs on AWS infrastructure, which is certified to ISO27001 and SOC2 certifications
Reliability
We utilise multiple AWS Availability Zones in the AWS Regions in our platform in order to achieve High Availability
Performance
Awake platform is built on light-weight and scalable applications.
STATE OF INCIDENT RESPONSE OF PORTAPP
Prepare
Awake application and infrastructure management is automated as much as possible. To stay on top of the status of the service infrastructure we utilize continuous asset monitoring. Critical service data is backed up automatically on a daily schedule for fast recovery. We follow AWS’s and Center for Internet Security’s best practices for setting up services and reporting on the state of platform security. The people at Awake also go through mandatory security training that is tuned to their role in the company.
Detect
In order to find out irregularities and potential security issues Awake utilizes real-time threat monitoring. In addition to threat monitoring Awake uses AWS’s logging and audit tools to provide real time view of platform activities. For all these services, logs are stored outside of the platform to safeguard the integrity of audit trail and incident investigation. Awake’s Security Team receives alerts from the findings on suspicious events.
Remediate
In the case of a business disrupting event, Awake’s Security Team and experts perform initial triage based on the alerts and findings of the security tools. Affected systems and data are isolated and unauthorized access is terminated. If access keys or secrets are compromised they will be rotated. If data integrity is compromised backups will be used to retain trust in the platform.
Follow-up
The Awake Security Team prepares an incident report by gathering facts with other teams and experts. The reports contain analysis of the event, a root cause explanation and suggestion on how to prevent the recurrence of such incidents. This report is presented to company management.
STATE OF ENCRYPTION AND KEY MANAGEMENT OF PORTAPP
Encryption in transit
The Awake Portapp connection is encrypted with Transport Layer Security using modern algorithms. Only cipher suites that enable Perfect Forward Secrecy are used for the encryption. All datastores utilized in the platform use secure connections. Be it the databases, AWS S3 or data stream services. The connection security settings are enforced platform wide. The user facing connection security is regularly monitored by testing automation, to ensure the quality and integrity of the service connection.
Encryption at rest
When data is stored in Portapp, Awake makes sure that it stays secure. Datastores from AWS S3 to databases use AES-256 to securely store the data in them. Workloads that require on-disk storage have their storage spaces encrypted with the same level of encryption as any other data storage in Portapp. Data storage encryption is enforced throughout the platform and the compliance for this is being constantly monitored.
Key management
AWS’s native services are used to provide agile and secure management of encryption keys and other secrets. Automatic key rotation is enabled and the rotation status is being constantly monitored. In the event of compromise of a secret, a rotation process is in place to ensure quick remediation.
