Security Overview: Hyperscience
As a SaaS and On-Prem provider, we prioritize the security and privacy of customer data in transit, at rest, and in use. To protect that data we have implemented controls including encryption, multifactor authentication, and adherence to recognized security standards.
We hold a SOC 2 Type II attestation report, which validates the design and operating effectiveness of our Information Security Program controls over the audit period, and we hold the Cyber Essentials Plus certification. Regular audits, vulnerability scanning, code scanning, and penetration testing further support the security of our system.
Amazon Web Services (AWS)
We build our SaaS offering on AWS infrastructure. AWS holds FedRAMP authorizations, HITRUST CSF and ISO 27001 certifications, and offers HIPAA-eligible services, and its controls align with recognized frameworks such as NIST 800-53 and the Risk Management Framework. Under the AWS shared responsibility model these attestations cover the underlying cloud; the controls described in the rest of this page cover what we run on top of it.
Key AWS Security Highlights:
- FedRAMP authorizations and HITRUST CSF certification
- AWS SOC 3 Report attesting that AWS's controls meet the AICPA Trust Services Criteria
- Support for NIST 800-53 and Risk Management Framework
- Regional hosting environments
- Customer data isolation within AWS Virtual Private Cloud (VPC)
- Multi-factor authentication for AWS management interface
- Disaster recovery replication across multiple US regions
Data Security Measures
Data at rest and in transit is protected with industry-standard encryption. Customer data is stored in AWS S3 for durability, availability, and redundancy; S3 verifies object integrity with checksums and repairs corrupted copies from redundant replicas.
User Access and Authentication
For SaaS, we integrate with Okta for identity management, which lets customers federate from their existing identity providers. On-Prem supports built-in user management, LDAP, OpenID Connect, and SAML authentication.
Separation of Customer Data
Customer environments are separated at the Kubernetes namespace level within our multi-tenant AWS platform, and each customer environment has its own dedicated PostgreSQL database for data isolation.
Disaster Recovery and Data Protection
We employ redundancy, backup processes, and a Disaster Recovery Plan to ensure system availability and data protection. RDS databases are backed up, and S3 object versioning retains prior versions so that accidental deletions or overwrites can be recovered.
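The two protections named above are configuration state that drifts, so they are worth checking rather than assuming. The script below is an added example, not Hyperscience's code: it evaluates constructed responses shaped like those returned by boto3's s3.get_bucket_versioning() and rds.describe_db_instances(), flagging buckets without versioning or MFA Delete and RDS instances with backups disabled or retention below a chosen floor. The bucket and instance names, the 7-day floor, and the deletion-protection and encryption checks are illustrative assumptions.

```python
"""Backup and versioning posture check over boto3-shaped responses.

Added example; not Hyperscience's code. The input dicts are constructed to
mirror the shapes of s3.get_bucket_versioning() and
rds.describe_db_instances()['DBInstances'], so the same functions can be
pointed at live responses.
"""
from __future__ import annotations


def check_bucket_versioning(bucket: str, versioning: dict) -> list[str]:
    """Return findings for one bucket's GetBucketVersioning response.

    A bucket on which versioning was never configured returns a response
    with no 'Status' key at all, so a missing key is treated like 'Suspended'.
    """
    findings = []
    status = versioning.get("Status")  # 'Enabled', 'Suspended', or absent
    if status != "Enabled":
        findings.append(
            f"{bucket}: versioning is {status or 'not configured'}; "
            "overwrites and deletes are not recoverable"
        )
    # MFA Delete requires an MFA code to permanently delete an object version
    # or to change the bucket's versioning state, so a leaked access key alone
    # cannot purge the version history.
    if versioning.get("MFADelete") != "Enabled":
        findings.append(f"{bucket}: MFA Delete is not enabled")
    return findings


def check_rds_backups(instance: dict, min_retention_days: int = 7) -> list[str]:
    """Return findings for one entry of DescribeDBInstances.DBInstances."""
    name = instance["DBInstanceIdentifier"]
    findings = []
    retention = instance.get("BackupRetentionPeriod", 0)
    if retention == 0:
        findings.append(f"{name}: automated backups are disabled (retention 0 days)")
    elif retention < min_retention_days:
        findings.append(
            f"{name}: backup retention {retention}d is below the {min_retention_days}d floor"
        )
    if not instance.get("DeletionProtection", False):
        findings.append(f"{name}: deletion protection is off")
    if not instance.get("StorageEncrypted", False):
        findings.append(f"{name}: storage is not encrypted at rest")
    return findings


def audit(buckets: dict[str, dict], instances: list[dict]) -> list[str]:
    """Run both checks and return all findings in a stable order."""
    findings = []
    for bucket in sorted(buckets):
        findings.extend(check_bucket_versioning(bucket, buckets[bucket]))
    for instance in instances:
        findings.extend(check_rds_backups(instance))
    return findings


# Constructed sample responses (hypothetical names, not real account data).
SAMPLE_BUCKETS = {
    "customer-a-documents": {"Status": "Enabled", "MFADelete": "Enabled"},
    "customer-b-documents": {"Status": "Suspended", "MFADelete": "Disabled"},
    "scratch-uploads": {},  # versioning never configured: no Status key
}
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "customer-a-pg", "BackupRetentionPeriod": 14,
     "DeletionProtection": True, "StorageEncrypted": True},
    {"DBInstanceIdentifier": "customer-b-pg", "BackupRetentionPeriod": 0,
     "DeletionProtection": False, "StorageEncrypted": True},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_BUCKETS, SAMPLE_INSTANCES):
        print(line)
```

Run against the constructed data, the audit reports six findings: two for the suspended bucket, two for the never-configured bucket, and two for the instance with backups disabled and deletion protection off; the fully configured bucket and instance produce none.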
Access Management
At Hyperscience, we follow a rigorous access management approach to safeguard the confidentiality and integrity of customer data. We use Role-Based Access Control (RBAC) to grant privileges according to defined roles and responsibilities, so that individuals have access only to the systems and data their job functions require. Access requests go through an approval process, and we conduct regular access reviews to confirm that privileges remain appropriate and to identify potential risks or violations.
Detection, Monitoring, and Response
We have implemented a comprehensive system for detecting, monitoring, and responding to security incidents promptly. Real-time monitoring of system logs, network traffic analysis, and intrusion detection systems allow us to identify suspicious activity. In the event of a security incident, documented response plans guide containment and mitigation, and our security team works to minimize disruption and protect customer data. We continuously improve these capabilities by tracking emerging threats, adopting appropriate tooling, conducting regular assessments, and remediating vulnerabilities proactively.
Auditing and Accountability
We maintain logging and monitoring practices for auditing and accountability. Logs from Okta, RDS, IAM, and EKS capture events and user actions, providing comprehensive observability.
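To illustrate how the IAM logs named above feed the detection described in the previous section, here is an added example, not Hyperscience's code, that runs two rules over constructed CloudTrail-shaped IAM events. It assumes IAM activity is exported as CloudTrail JSON and that the platform is accessed through federated sessions (the Okta integration described earlier), so activity by long-lived IAM users is treated as anomalous. The account ID, principal names, and the list of privilege-changing actions are illustrative assumptions.

```python
"""Two detections over CloudTrail-shaped IAM events.

Added example; not Hyperscience's code. Assumes IAM activity arrives as
CloudTrail JSON and that normal access is federated (AssumedRole sessions),
so direct IAM-user activity is anomalous. The events below are constructed.
"""
from __future__ import annotations
import json

# IAM actions that grant or extend access; deliberately short, extend as needed.
PRIVILEGE_CHANGES = {
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "CreateAccessKey", "UpdateAssumeRolePolicy", "AddUserToGroup",
}


def actor(event: dict) -> str:
    return event.get("userIdentity", {}).get("arn", "<unknown>")


def rule_console_login_without_mfa(event: dict) -> str | None:
    """Successful console login by an IAM user or root with MFAUsed == 'No'.

    Federated (AssumedRole) logins are skipped on purpose: for SAML sessions
    CloudTrail records MFAUsed as 'No' because MFA happened at the IdP, so
    alerting on them would be pure noise.
    """
    if event.get("eventName") != "ConsoleLogin":
        return None
    if event.get("userIdentity", {}).get("type") not in ("IAMUser", "Root"):
        return None
    if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return None
    if event.get("additionalEventData", {}).get("MFAUsed") == "No":
        return f"console login without MFA by {actor(event)}"
    return None


def rule_privilege_change_by_iam_user(event: dict) -> str | None:
    """Successful privilege-granting IAM call made by a non-federated principal."""
    if event.get("eventSource") != "iam.amazonaws.com":
        return None
    if event.get("eventName") not in PRIVILEGE_CHANGES or event.get("errorCode"):
        return None  # errorCode present means the call was denied or failed
    if event.get("userIdentity", {}).get("type") in ("IAMUser", "Root"):
        return f"{event['eventName']} by non-federated principal {actor(event)}"
    return None


RULES = (rule_console_login_without_mfa, rule_privilege_change_by_iam_user)


def detect(events: list[dict]) -> list[str]:
    """Apply every rule to every event; return alert strings in input order."""
    alerts = []
    for event in events:
        for rule in RULES:
            alert = rule(event)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed CloudTrail-style records (hypothetical account and principals).
SAMPLE_EVENTS = json.loads("""[
 {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/legacy-admin"},
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
 {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/okta-sre/alice"},
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
 {"eventName": "CreateAccessKey", "eventSource": "iam.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/legacy-admin"}},
 {"eventName": "AttachRolePolicy", "eventSource": "iam.amazonaws.com",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/okta-sre/alice"}},
 {"eventName": "PutUserPolicy", "eventSource": "iam.amazonaws.com", "errorCode": "AccessDenied",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/intern"}}
]""")

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the constructed events only two alerts fire: the non-MFA console login and the access-key creation, both by the long-lived IAM user. The federated login with MFAUsed "No" and the denied PutUserPolicy call are intentionally quiet, which is the distinction a rule set tied to an Okta-federated account has to make.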
Internal Security Training and Awareness Program
In addition to the security measures mentioned above, we have implemented an internal security training and awareness program. This program includes:
- Developer Role-Based Training: We provide specialized security training for developers to ensure they possess the necessary knowledge and skills to build secure software. This training covers secure coding practices, secure configuration management, secure authentication and authorization mechanisms, and secure handling of sensitive data.
- Secure Software Development Lifecycle (SDLC): We follow a secure SDLC approach to integrate security practices at every stage of the software development process. This includes security requirements gathering, threat modeling, secure coding guidelines, code reviews, and security testing. By incorporating security early in the development lifecycle, we aim to identify and mitigate potential vulnerabilities and weaknesses before software deployment.
- Phishing Training: To combat the ongoing threat of phishing attacks, we conduct regular phishing awareness training for our employees. Through simulated phishing campaigns, employees are exposed to realistic phishing scenarios and trained to recognize and report suspicious emails or activities. The training emphasizes the importance of verifying the authenticity of requests and following proper security protocols to mitigate the risks associated with phishing attacks.
For any inquiries or additional information, we urge customers and prospects to contact their dedicated Hyperscience representative or visit our website at https://hyperscience.com/contact/.
By implementing these security measures, partnering with AWS, conducting internal security training and awareness initiatives, emphasizing access management and detection/response capabilities, and providing convenient support channels, we ensure the security, compliance, and protection of customer data across our organization.