What security measures do you apply?
We host multiple clients on a single standalone environment hosted on AWS through a single RESTful API. AWS employs a robust with multiple certifications including ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1, SOC 2, SOC 3, PCI DSS.
The system that hosts Screena is based on system. All hard drives are encrypted.
We use Amazon API Gateway and Amazon Load Balancer with WAF to distribute the requests and protect the system from DDoS attacks.
Security updates are applied to the production operating systems daily.
All the code produced for the core application and associated services adheres to the guidelines and recommendations to prevent common security issues such as or . Every code change is committed, signed, and tracked in a versioning system.
During the development phase of the application, an automatic audit of security is done using and tools, and reviewed before each release.
To use the Screena API, an is mandatory. We provide one API key, unique to each client, on a one-off basis. The API key is used to authenticate requests for usage and billing purposes. Each API request shall always be associated with an API key.
Multiple logging systems are in place to detect unauthorized access to the system. We use the standard logging from Amazon CloudTrail and CloudWatch, and we also log each API request internally within the application.
No administration URL is exposed externally. Administration URLs are only accessible from the internal network.
Data is kept anonymous at all times as we encrypt data in transit, in compliance with AES-256 SHA 512.
We don’t store or keep customers’ personal data sent through . We only log and count the number of API requests executed monthly for billing purposes.