Platform Security

Cloud-first

First and foremost, we are a cloud-first company. This means that we do not own or operate our own physical hardware or servers, and therefore have no need to ensure that physical access is protected. This also means that we do not need to manage software updates or patches. Our software systems are deployed and run in Microsoft Azure and are therefore covered by comprehensive SLAs with regard to security, as well as performance and up-time.

We use Microsoft Defender for Cloud, which provides insight and recommendations on how best to secure our software system.

We ensure our cloud services are hosted in the EU for the purposes of protection under GDPR.

Encryption

Data is encrypted at rest to ensure that, in the unlikely event of unauthorised access, it is not possible to decrypt sensitive data.

Data is stored in Azure Cosmos DB, which is encrypted at rest using AES-256. Additionally, sensitive field-level data is encrypted using the same industry-standard AES-256 encryption, with encryption keys stored in Azure Key Vault. Access is restricted to a small set of authorised employees.

Environment segregation

We have a logical separation of environments between production and non-production, to prevent accidental loss of data.

TLS

APIs are served over HTTPS as standard.
