Awsecurity and trust in Awake AI.png

Security and trust
in Awake.AI

At Awake security and trust are key tenets in building our ecosystem

SECURITY

Training and design

Awake.AI has dedicated security training for developers and threat modelling is part of the system design life-cycle.

Infrastructure security

The Awake ecosystem is constantly monitored and evaluated against industry best practices such as 'Center for Internet Security' and 'AWS foundational security' controls. Status of these controls are verified several times every day and infrastructure security controls are one of Awake ecosystems key performance indicators​

Development, testing and production environments are separated

Network segmentation is in place

Security testing

Awake ecosystem executes continuous security tests in it's build and production systems to catch errors and vulnerabilities as early as possible. Continuous security tests are testing both new code being introduced in the system and already running production systems.​

Code quality and security tests during development process

Automated security and dependency scans for deployments

Periodic container and application security scans

Role based access controls and MFA

All internal and external access to Awake ecosystem follow role based access models and are constantly monitored for anomalies. All internal access requires use of two factor authentication.

Data encryption

Customer data management

All data in the Awake ecosystem is encrypted both at rest and during transit.

We utilise only Perfect Forward Secrecy ciphers in our transit encryption protocols

 

We utilise modern encryption algorithms

 

Encryption extends also to backups

All customer data in the Awake ecosystem is classified and placed in registries with corresponding classifications. All access to customer data registries requires authentication and authorization with role based identities.

PRIVACY

Awake.AI is complying with GDPR regulations and customer privacy is one of our top priorities.

Read more about Awake.AI’s privacy policy.

Compliance

Awake ecosystem runs on AWS infrastructure, which is certified to ISO27001 and SOC2 certifications

Reliability

We utilise multiple AWS Availability Zones in the AWS Regions in our platform in order to achieve High Availability

Performance

Awake platform is built on light-weight and scalable applications.

STATE OF INCIDENT RESPONSE OF PORTAPP

Prepare

Awake application and infrastructure management is automated as much as possible. To stay on top of the status of the service infrastructure we utilize continuous asset monitoring. Critical service data is backed up automatically on a daily schedule for fast recovery. We follow AWS’s and Center for Internet Security’s best practices for setting up services and reporting on the state of platform security. The people at Awake also go through mandatory security training that is tuned to their role in the company.

Detect

In order to find out irregularities and potential security issues Awake utilizes real-time threat monitoring. In addition to threat monitoring Awake uses AWS’s logging and audit tools to provide real time view of platform activities. For all these services, logs are stored outside of the platform to safeguard the integrity of audit trail and incident investigation. Awake’s Security Team receives alerts from the findings on suspicious events.

Remediate

In the case of a business disrupting event, Awake’s Security Team and experts perform initial triage based on the alerts and findings of the security tools. Affected systems and data are isolated and unauthorized access is terminated. If access keys or secrets are compromised they will be rotated. If data integrity is compromised backups will be used to retain trust in the platform.

Follow-up

The Awake Security Team prepares an incident report by gathering facts with other teams and experts. The reports contain analysis of the event, a root cause explanation and suggestion on how to prevent the recurrence of such incidents. This report is presented to company management.

STATE OF ENCRYPTION AND KEY MANAGEMENT OF PORTAPP

Encryption in transit

The Awake Portapp connection is encrypted with Transport Layer Security using modern algorithms. Only cipher suites that enable Perfect Forward Secrecy are used for the encryption. All datastores utilized in the platform use secure connections. Be it the databases, AWS S3 or data stream services. The connection security settings are enforced platform wide. The user facing connection security is regularly monitored by testing automation, to ensure the quality and integrity of the service connection.

Encryption at rest

When data is stored in Portapp, Awake makes sure that it stays secure. Datastores from AWS S3 to databases use AES-256 to securely store the data in them. Workloads that require on-disk storage have their storage spaces encrypted with the same level of encryption as any other data storage in Portapp. Data storage encryption is enforced throughout the platform and the compliance for this is being constantly monitored.

Key management

AWS’s native services are used to provide agile and secure management of encryption keys and other secrets. Automatic key rotation is enabled and the rotation status is being constantly monitored. In the event of compromise of a secret, a rotation process is in place to ensure quick remediation.

security_customer.jpg
security_text_edited_edited.png