Our Security

Defense-in-Depth.

Security at every layer to protect your code.


Security at Inception

We develop using a Security Development Lifecycle (SDL), following security assurance practices and compliance requirements. This helps us build more secure software by reducing the number and severity of vulnerabilities while also reducing development cost.

DevSecOps

This is how we implement DevSecOps:

Developer Training

Our developers are security engineers first and are trained in writing secure code as a requirement. Our test cases always include validating security controls.

Security Requirements

We continuously update security requirements to reflect changes in functionality and the threat landscape.

Threat Modeling

We utilize threat modeling to identify security vulnerabilities, determine risk, and identify mitigations.

Secure By Design

Our design has security as a key feature helping us build a secure and robust solution by design.

Infrastructure Security

Our platform is built on a multi-cloud architecture and employs military grade security and encryption technology to protect against potential threats. We follow these best practices:

  • Consistent firmware updates and security patches.

  • Security experts perform periodic penetration testing.

  • Highly resilient DNS design.

  • Monitoring and protection using industry standard technologies.

Application Security

Securing applications is our core mission, so we apply the same principles to our own platform that S4 provides to our customers.

4 Key Elements

These 4 key elements provide comprehensive application security for our platform.

Software Configuration Analysis (SCA)

Configuration Analysis (Config)

Static Code Analysis (SAST)

Interactive Runtime Testing (IAST)

Best Practices

Our software engineering leaders ensure that best practices, such as OWASP, CWE, and BSIMM, are followed to properly design and develop the software to meet the strictest security standards.

Continuous Security

Security is not a destination but a process. We continuously review our technology stack and keep it up to date. We review active attack patterns and exploits in the wild to protect our environments and the customers who rely on us.

Security Culture

This is what we call our secret sauce: at DigitSec, we have a security culture. We think about security first in everything we do, and this hypersensitivity makes us diligent in protecting our customers.

Secure Sandboxing

Your code and configuration data are sandboxed so that they are protected from other tenants. The sandbox extends to the data layer, ensuring that each customer has a unique and independent data store. Once a user authenticates, they are sandboxed in their own tenant environment.

Secure Communications

All transfers are done over secure TLS channels. This is further reinforced by using technologies such as:

  1. HTTP Strict Transport Security

  2. Content Security Policy (CSP) 

We provide end-to-end encryption for all network layer traffic, protecting your code and configurations in transit.

Strong Encryption

Your data is protected by encryption keys generated by pseudo-random number generators. Your encryption keys are unique to you and are used to provide strong encryption at rest. We use AES-256 to provide enterprise grade encryption.

Limited Storage

Your code and configurations exist only for the duration of the analysis and are then removed from all of our servers. Typically an analysis takes anywhere from 5-10 minutes. Moreover, we use the industry approved method of purging by overwriting with random data to protect against data recovery. Non-persistent storage is an industry leading method for reducing operational risk.

Complete Confidentiality

Your data is never touched and never leaves your Salesforce environment. Coupled with limited storage, this provides comprehensive confidentiality of your data.

On-Premise Solution

If you require more security controls or operate in a highly regulated environment, we also support on-premise installation of our solution.

Security Assurance & Compliance

We are built on a multi-cloud architecture without any platform customizations, so the compliance posture of those platforms is unchanged. This allows us to extend their standard compliance, such as GDPR, PCI, HIPAA, and FedRAMP, to our service. Moreover, we comply with the ISO 27001 standard and all of its controls.

Transparent in Partnership

We work with many companies that have stringent security standards and require extensive documentation of our policies and procedures. We are happy to connect with potential customers under mutual Non-Disclosure Agreements to provide requested documentation.
