Thousands of customers across the globe trust us with their data privacy and security. We back ourselves up with robust data security and privacy practices that form an integral part of our product engineering and service delivery teams.
We are ISO 27001 certified and follow security principles based on OWASP standards right from design to delivery. Security is at the heart of how we build our products, secure your data, and provide high availability at all times.
1. Highly Resilient Architecture
2. Secured Product Build
3. Secure APIs
4. Organizational Security
5. Physical Security
6. Infrastructure Security
7. Data Security
8. Identity and access control
9. Operational Security
10. Incident Management
11. Vendor Management
12. Customer controls for security
13. Compliance Reports and Security Resources
We understand the value of data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security. We use the Digital Ocean cloud service provider, one of the leaders in cloud services and cloud platforms.
Access controls
We have role-based access through IAM that enforces segregation of duties, two-factor authentication, and end-to-end audit trails, ensuring access is in accordance with the security context.
Encryption
We use SHA-256-bit encryption with RSA for data at Rest and FIPS 140-2 compliant TLS encryption for data in transit.
Product Road mapping
The product roadmap is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and bundled into the earliest possible sprint.
DevOps Squad
Our DevOps sprints are powered by a multi-disciplinary Squad of members including the Product Owner and Quality Assurance.
Code Review
All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security tests.
Quality Assurance
Builds are put through stringent functionality tests, performance tests, stability tests, and UX tests before the build is certified "Good to go".
Version Control
Source code is managed centrally with version control, and access is restricted based on the teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.
Segregation of Duties
Access to production is restricted to a very limited set of users based on their job roles. Access to the production environment for developers and Quality Assurance team members is restricted based on their job responsibilities.
We enable participation in the API economy in a secure manner through Kylas API clients and integration apps.
This is accomplished by implementing a strong authentication mechanism on our API calls, dynamic throttling based on API requests, and a robust yet simple RESTful architecture that further simplifies security.
RESTful Architecture
We adopt an architectural style that simplifies security. Based on
Representational State Transfer (REST), a RESTful architecture enables developers
to safely expose web services with fine-grained modularity, breaking the source
code into logically atomic components, each with its own security context. It
further enables robust authentication powered by standards like OAuth and JWT.
Defense in depth using API Gateway
To protect the authentication tokens in transit, the APIs terminate in the
gateway only on endpoints that accept HTTPS over TLS.
A JWT token is used to authorize all API requests to the target API gateway,
without exposing the components deeper in the platform, such as relational
databases and business logic engines.
Securing API requests
Web tokens are further used to secure JSON and HTTPS based transmission for
secure assertion of identity claims between two applications. This addresses key
entropy and latency, reduces the attack surface, and improves traceability.
API throttling
The number of API calls is throttled (rate limited) to mitigate application-layer
DDoS and brute-force attacks.
API Lifecycle Security
With security embedded in the API lifecycle, Kylas provides a framework for
developers to create, control, and consume our APIs. The framework enables
serverless computing for developers, letting them auto-scale and mitigate
obsolescence while remaining oblivious to the compute and storage requirements underneath.
We have an Information Security Team (IST) in place which takes into account our security objectives and the risks and mitigations concerning all the interested parties. We employ strict policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.
Employee Background Checks
Each employee undergoes a process of background verification. We hire
reputed external agencies to perform this check on our behalf. We do this to
verify their criminal records, previous employment records if any, and
educational background. Until this check is performed, the employee is not
assigned tasks that may pose risks to users.
Security Awareness
Each employee, when inducted, signs a confidentiality agreement and
acceptable use policy, after which they undergo training in information
security, privacy, and compliance. Furthermore, we evaluate their
understanding through tests and quizzes to determine which topics they
need further training in. We provide training on specific aspects of security,
that they may require based on their roles.
We educate our employees continually on information security, privacy, and compliance in our internal community where our employees check in regularly, to keep them updated regarding the security practices of the organization. We also host internal events to raise awareness and drive innovation in security and privacy.
Dedicated Security and Privacy teams
We have dedicated security and privacy teams that implement and manage
our security and privacy programs. They engineer and maintain our defense
systems, develop review processes for security, and constantly monitor our
networks to detect suspicious activity. They provide domain-specific
consulting services and guidance to our engineering teams.
Internal Audit and Compliance
We have a dedicated compliance team to review procedures and policies in
Kylas to align them with standards, and to determine what controls,
processes, and systems are needed to meet the standards. This team also
does periodic internal audits and facilitates independent audits and
assessments by third parties.
Endpoint Security
All workstations issued to Kylas employees run an up-to-date OS version and are
configured with anti-virus software. They are configured such that they
comply with our standards for security, which require all workstations to be
properly configured, patched, and be tracked and monitored by Kylas’
endpoint management solutions. These workstations are secure by default as
they are configured to encrypt data at rest, have strong passwords, and get
locked when they are idle. Mobile devices used for business purposes are
enrolled in the mobile device management system to ensure they meet our
security standards.
At Workplace
We control access to our resources (buildings, infrastructure and facilities),
where accessing includes consumption, entry, and utilization, with the help
of access cards. We provide employees, contractors, vendors, and visitors
with different access cards that only allow access strictly specific to the
purpose of their entrance into the premises. The Human Resources (HR) team
establishes and maintains the purposes specific to roles. We maintain access
logs to spot and address anomalies.
At Data Centers
Our service providers’ data centers are located at secure locations, and our
service provider takes responsibility for the building, cooling, power, and
physical security.
Monitoring
We monitor all entry and exit movements throughout our premises through
CCTV cameras deployed according to local regulations. Back-up footage is
available up to a certain period, depending on the requirements for that
location.
Network Security
Our network security and monitoring techniques are designed to provide
multiple layers of protection and defense. Our cloud service providers use
high-grade network firewalls to prevent our network from unauthorized
access and undesirable traffic. Systems supporting testing and development
activities are hosted in a separate network from systems supporting Kylas’
production infrastructure.
Network Redundancy
All the components of our platform are redundant. We use a distributed grid
architecture to shield our system and services from the effects of possible
server failures. If there's a server failure, users can carry on as usual because
their data and Kylas services will still be available to them.
Our service providers additionally use multiple switches, routers, and security gateways to ensure device-level redundancy. This prevents single-point failures in the internal network.
DDoS protection
Our cloud providers (Digital Ocean https://www.digitalocean.com/) use
technologies from well-established and trustworthy service providers to
prevent DDoS attacks on our servers. These technologies offer multiple DDoS
mitigation capabilities to prevent disruptions caused by bad traffic, while
allowing good traffic through. This keeps our websites, applications, and APIs
highly available and performing.
Server Hardening
All servers provisioned for development and testing activities are hardened
(by disabling unused ports and accounts, removing default passwords, etc.).
The base Operating System (OS) image has server hardening built into it, and
this OS image is provisioned in the servers, to ensure consistency across
servers.
Intrusion Detection and Prevention
Our service providers' intrusion detection mechanism takes note of host-based
signals on individual devices and network-based signals from
monitoring points within our servers. Administrative access, use of privileged
commands, and system calls on all servers in our production network are
logged.
At the Internet Service Provider (ISP) level, a multi-layered security approach is implemented with scrubbing, network routing, rate limiting, and filtering to handle attacks from the network layer to the application layer. This system provides clean traffic, reliable proxy service, and prompt reporting of attacks, if any.
Secure by design
Every change and new feature is governed by a change management policy
to ensure all application changes are authorized before implementation into
production. Our Software Development Life Cycle (SDLC) mandates
adherence to secure coding guidelines, as well as screening of code changes
for potential security issues with manual review processes.
Our robust security framework based on OWASP standards, implemented in the application layer, provides functionalities to mitigate threats such as SQL injection attacks, cross-site scripting, and application-layer DoS attacks.
Data isolation
Our framework distributes and maintains the cloud space for our customers.
Each customer's service data is logically separated from other customers'
data using a set of secure protocols in the framework. This ensures that no
customer's service data becomes accessible to another customer.
The service data is stored on our servers when you use our services. Your data is owned by you, and not by Kylas. We do not share this data with any third-party without your consent.
Encryption
In transit: All customer data transmitted to our servers over public networks
is protected using strong encryption protocols. We mandate all connections
to our servers use Transport Layer Security (TLS 1.2/1.3) encryption with
strong ciphers, for all connections including web access, API access, our
mobile apps, and IMAP/POP/SMTP email client access. This ensures a secure
connection by allowing the authentication of both parties involved in the
connection, and by encrypting data to be transferred. Additionally, for email,
we use MailGun, Gmail, and Outlook API services, which leverage opportunistic
TLS by default. TLS encrypts and delivers email securely, mitigating
eavesdropping between mail servers where peer services support this
protocol.
We have full support for Perfect Forward Secrecy (PFS) with our encrypted connections, which ensures that even if we were somehow compromised in the future, no previous communication could be decrypted. We have enabled the HTTP Strict Transport Security (HSTS) header on all our web connections. This tells all modern browsers to only connect to us over an encrypted connection, even if you type a URL to an insecure page at our site. Additionally, on the web we flag all our authentication cookies as secure.
Sensitive customer data at rest is encrypted using 256-bit Advanced RSA encryption.
Administrative access
We employ technical access controls and internal policies to prohibit
employees from arbitrarily accessing user data. We adhere to the principles
of least privilege and role-based permissions to minimize the risk of data
exposure.
Access to production environments is maintained by a central directory and authenticated using a combination of strong passwords, two-factor authentication, and passphrase-protected SSH keys.
Logging and monitoring
We monitor and analyze information gathered from services, internal traffic
in our network, and usage of devices and terminals. We record this
information in the form of event logs, audit logs, fault logs, administrator
logs, and operator logs. These logs are automatically monitored and analyzed
to a reasonable extent that helps us identify anomalies such as unusual
activity in employees’ accounts or attempts to access customer data. We
store these logs in a secure server isolated from full system access, to
manage access control centrally and ensure availability.
Detailed audit logging covering all update and delete operations performed by the user is available to the customers in every Kylas service.
Backup
Our cloud service providers run incremental backups every day and weekly
full backups. Backup data in the DC is stored in the same location and kept
encrypted.
To ensure the safety of the backed-up data, our service provider uses a redundant array of independent disks (RAID) in the backup servers. All backups are scheduled and tracked regularly. In case of a failure, a re-run is initiated and the failure is fixed immediately.
From your end, we strongly recommend scheduling regular backups of your data by exporting it from the respective Kylas services and storing it locally in your infrastructure.
Disaster recovery and business continuity
Application data is stored on resilient storage that is replicated across data
centers. Data in the primary DC is replicated in the secondary in near real
time. In case of failure of the primary DC, the secondary DC takes over and the
operations are carried on smoothly with minimal or no loss of time. Both the
centers are equipped with multiple ISPs.
Our cloud service providers have power back-up, temperature control systems and fire-prevention systems as physical measures to ensure business continuity. These measures help us achieve resilience. In addition to the redundancy of data, we have a business continuity plan for our major operations such as support and infrastructure management.
Reporting
We have a dedicated incident management team. We notify you of the
incidents in our environment that apply to you, along with suitable actions
that you may need to take. We track and close the incidents with appropriate
corrective actions. Whenever applicable, we will identify, collect, acquire and
provide you with necessary evidence in the form of application and audit logs
regarding incidents that apply to you. Furthermore, we implement controls
to prevent recurrence of similar situations.
We respond with high priority to the security or privacy incidents you report to us through our support channels. For general incidents, we will notify users through our blogs, forums, and social media. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using the primary email address of the organization administrator registered with us).
Breach Notification
Depending on specific requirements, we notify the customers too, when
necessary. As data processors, we inform the concerned data controllers
without undue delay.
We evaluate and qualify our vendors based on our vendor management policy. We onboard new vendors after understanding their processes for delivering us service and performing risk assessments. We take appropriate steps to ensure our security stance is maintained by establishing agreements that require the vendors to adhere to confidentiality, availability, and integrity commitments we have made to our customers. We monitor the effective operation of the organization’s process and security measures by conducting periodic reviews of their controls.
So far, we have discussed what we do to offer security on various fronts to our customers. Here are the things that you as a customer can do to ensure security from your end:
K2V2 Technologies Trust Center hosts all the cybersecurity collaterals, such as third-party audit attestation reports, compliance certifications, network architecture documents, and application security testing reports to provide trust and assurance. Click here to access the trust center.