Security and trust
At Awake, security and trust are key tenets in building our ecosystem.
Training and design
Awake.AI has dedicated security training for developers and threat modelling is part of the system design life-cycle.
The Awake ecosystem executes continuous security tests in its build and production systems to catch errors and vulnerabilities as early as possible. Continuous security tests cover both new code being introduced into the system and already running production systems.
Code quality and security tests during development process
Automated security and dependency scans for deployments
Periodic container and application security scans
The Awake ecosystem is constantly monitored and evaluated against industry best practices such as 'Center for Internet Security' and 'AWS foundational security' controls. The status of these controls is verified several times every day, and infrastructure security controls are one of the Awake ecosystem's key performance indicators.
Development, testing and production environments are separated
Network segmentation is in place
Role based access controls and MFA
All internal and external access to the Awake ecosystem follows role based access models and is constantly monitored for anomalies. All internal access requires use of two factor authentication.
Customer data management
All data in the Awake ecosystem is encrypted both at rest and during transit.
We utilise only Perfect Forward Secrecy ciphers in our transit encryption protocols
We utilise modern encryption algorithms
Encryption also extends to backups
All customer data in the Awake ecosystem is classified and placed in registries with corresponding classifications. All access to customer data registries requires authentication and authorization with role based identities.
The Awake ecosystem runs on AWS infrastructure, which is certified to ISO27001 and SOC2
We utilise multiple AWS Availability Zones in the AWS Regions in our platform in order to achieve High Availability
The Awake platform is built on lightweight and scalable applications.
STATE OF INCIDENT RESPONSE OF PORTAPP
Awake application and infrastructure management is automated as much as possible. To stay on top of the status of the service infrastructure we utilize continuous asset monitoring. Critical service data is backed up automatically on a daily schedule for fast recovery. We follow AWS’s and Center for Internet Security’s best practices for setting up services and reporting on the state of platform security. The people at Awake also go through mandatory security training that is tuned to their role in the company.
To detect irregularities and potential security issues, Awake utilizes real-time threat monitoring. In addition to threat monitoring, Awake uses AWS’s logging and audit tools to provide a real-time view of platform activities. For all these services, logs are stored outside of the platform to safeguard the integrity of the audit trail and incident investigation. Awake’s Security Team receives alerts from the findings on suspicious events.
In the case of a business-disrupting event, Awake’s Security Team and experts perform initial triage based on the alerts and findings of the security tools. Affected systems and data are isolated and unauthorized access is terminated. If access keys or secrets are compromised, they will be rotated. If data integrity is compromised, backups will be used to retain trust in the platform.
The Awake Security Team prepares an incident report by gathering facts with other teams and experts. The reports contain an analysis of the event, a root cause explanation and suggestions on how to prevent the recurrence of such incidents. This report is presented to company management.
STATE OF ENCRYPTION AND KEY MANAGEMENT OF PORTAPP
Encryption in transit
The Awake Portapp connection is encrypted with Transport Layer Security using modern algorithms. Only cipher suites that enable Perfect Forward Secrecy are used for the encryption. All datastores utilized in the platform use secure connections, be it the databases, AWS S3 or data stream services. The connection security settings are enforced platform-wide. The user-facing connection security is regularly monitored by testing automation to ensure the quality and integrity of the service connection.
Encryption at rest
When data is stored in Portapp, Awake makes sure that it stays secure. Datastores from AWS S3 to databases use AES-256 to securely store the data in them. Workloads that require on-disk storage have their storage spaces encrypted with the same level of encryption as any other data storage in Portapp. Data storage encryption is enforced throughout the platform, and compliance with this is constantly monitored.
AWS’s native services are used to provide agile and secure management of encryption keys and other secrets. Automatic key rotation is enabled and the rotation status is constantly monitored. In the event of compromise of a secret, a rotation process is in place to ensure quick remediation.