We understand how important it is to keep your information safe. Security has been a cornerstone of development since day one, as Stylo’s founders spent their careers in cyber security. We uphold our commitment to the safety of information through extensive use of policies, controls, and industry experience to ensure your utmost confidence. At a glance:
SOC 2 Type II certified
Annual penetration tests
PII masking
Continuous monitoring
PII Masking
Common types of sensitive information, including bank card numbers, Social Security numbers, passport information, driver's licenses, and more, are automatically removed and masked.
Data center and network security
Stylo services are hosted in GCP (Google Cloud Platform) data centers which meet the following standards for cloud security.
Application Security
Stylo's web applications are built to minimize attack surface and adhere to standards for security, authentication and cryptographically safe exchanges. Any exchange with third parties is done through TLS.
Authentication
Stylo's authentication system uses OAuth with JWTs, making it simple to manage permissions. Additionally, Stylo utilizes verification of shared secrets and IP whitelisting.
Penetration Tests and Vulnerability Scanning
Alongside regular penetration testing, Stylo uses the continuous monitoring solution SecurityScorecard. Stylo strives to maintain a grade of “A” (the highest grade in SecurityScorecard) at all times. In addition, before deploying updates to production, we scan our containers to identify any potential vulnerabilities as part of our pre-deployment process.
Compliance and privacy support
As a data processor, we help our customers maintain compliance with their own regulatory requirements. For GDPR requests, we are able to produce records of stored information and respond to requests for data deletion. Custom data retention policies are available upon request for specific engagements.
System Security
Facilities
Stylo's services are hosted on GCP. Data center facilities maintain physical security, disaster preparedness and redundant power supplies.
Physical Security
GCP maintains a physical security policy permitting access only by authorized individuals.
Monitoring
All production systems are monitored by Stylo and incident detection systems. Interservice communications are traced and monitored for any potentially suspicious activity. Health checks are continuously conducted from the following regions: Asia Pacific, Europe, United States and South America.
Geography
Stylo’s SaaS offering is served by default from the GCP US-West-1 (Oregon) data center.
Data Security and Privacy
Encryption in Transit
Communications between Stylo and all remote clients and services are encrypted with Transport Layer Security (TLS), in accordance with industry best practices. We further utilize verification of shared secrets and IP whitelisting.
Encryption at Rest
All customer data is kept in single-tenant data stores. All data within these stores is encrypted at rest.
International Compliance
As a data processor, we look to support our customers in maintaining compliance with their own regulatory requirements. By request, we can produce records of stored information and respond to requests for data deletion.
Security Policies
External Auditing
Stylo engages external security providers to continuously monitor our public-facing attack surface. Additionally, internal penetration tests are run annually.
DDoS Protection
Stylo’s public IPs are covered by DDoS protection to defend against significant attacks.
Employee Access and Training
All employee access is granted in accordance with the principle of least access. Employees are only able to access information associated with their relevant projects. All staff are trained and made aware of security policies during onboarding.
Security Incident Response
Stylo maintains an up-to-date security incident response policy establishing effective controls to ensure the detection of security vulnerabilities and incidents, as well as quick reactions and responses to security breaches.
Third-Party Services
Stylo performs a risk assessment of all third-party services. For a current list of subprocessors, see here.
Full Policy Documentation
Listed above are the security policies our customers most commonly ask about. Full documentation can be produced upon request.
You can learn more about Stylo security on our dedicated page here.
Stylo has received Service Organization Control (SOC) 2, Type II Certification as an independent validation of compliance with industry best practices.