Queries are executed by transmitting a mathematical representation of the information, empowering you to gain insights at aggregate level without moving your raw data.
Your dataset never leaves its own dedicated virtual server (called a “Bunker”). No two datasets are ever hosted together, and no other customer can ever access a server hosting your data.
Each Bunker has its own subnet, and its own tightly-controlled security perimeter. Stateful firewalls help ensure that only traffic associated with legitimate Bunker access can enter the subnet.
Secure credential storage
As you’d expect, your login passwords are hashed in line with industry best practice. For additional protection, they’re encrypted at storage level too.
Two-factor authentication based on Google Authenticator is supported, and strongly encouraged during registration. If you want to, you can require it for your organization’s users.
Optionally, you can integrate with your own sign-on systems - increasing convenience for your users while ensuring alignment with your existing password policies.
If you choose to let other people or organisations gain insights from your data, you have a range of options to control exactly what they can do. A colour-coded visualisation helps you understand the consequences of your choices.
All data at rest is stored on encrypted disks, based on the robust AES-256 cryptographic standard.
During the process of “normalization”, data not required for the configured task is automatically deleted. Only the minimum data required is retained.
If you choose to terminate your Bunker, the data it stores is immediately deleted - and for additional reassurance, the cryptographic key which was required to access it is also destroyed. If you stop using InfoSum services without terminating your Bunkers, they will automatically expire at the end of your billing period. Once this happens, the data is deleted within 48 hours.
Nobody can reference your data unless you actively grant permission. When fine-tuning what you allow, the default is always the least permissive option.
By default, your data is held in the UK. On request, we can use the AWS network to host your data in an alternative location that meets your security or data protection requirements.
Only designated specialist staff can log onto our production servers. As an additional protection, these servers are accessible only using a complex cryptographic key and multi-factor authentication.
All data in transit, whether between you and the product or between product components, is encrypted end-to-end using TLS 1.2 - guarding against interception or man-in-the-middle attacks.
Disaster recovery process
Our comprehensive Disaster Recovery process ensures that our solutions remain available or can be easily recovered in the case of a disaster.
Infrastructure as Code
Wherever possible, our servers and networks are built from configuration files held in a secure, auditable management system. As well as accelerating disaster recovery procedures, this eliminates the risk of human error.
We perform frequent, automated scans for network vulnerabilities such as unexpected open ports.
We use rate limiting and other mitigations to reduce or eliminate the impact of denial-of-service attempts.
We continuously and proactively monitor our systems, to detect unusual activity, respond to issues, and to manage capacity. Our dedicated infrastructure team is on hand to respond to alerts.
Incident response procedure
In the event of detecting suspicious activity, our predefined response procedure will minimise impact, assess risks and ensure transparent communication.
Any new feature entering our products is formally reviewed for security implications. At a minimum this happens twice during development - and depending on the feature, often a lot more.
All code under development passes through a series of testing environments, before it’s released to our customers. No real data is ever exposed to any testing environment.
We use best-practice “DevOps” methodology to ensure all code changes are automatically tested and quality-controlled.
Complementing our automated tests, our QA specialists conduct regular manual tests based on real-world tasks, guarding against any unexpected changes to the behaviour of the system.
Controls on open-source software
Every piece of open-source software used in our product is individually assessed and signed off. We subscribe to a service which proactively notifies us if any vulnerabilities are found in the open-source software we use.
We regularly invite independent security professionals to attempt to “crack” our products - testing our resistance to techniques such as code injection, token exfiltration and cross-site scripting attacks. A copy of our most recent pentest’s executive summary may be provided to prospective customers under NDA.
All of our products are developed in-house, by a tight-knit team of experienced coders. We don’t outsource development work, so we know who wrote every line of our code.
Segregation of duties
It takes two people to make a change to our product - one to write the code, and one to sign it off. We have technical protections to ensure that nothing can sneak under the radar.
Principle of least access
We use precise role descriptions to lay out what each of our people does and doesn’t need to do. Nobody has login credentials for a system unless it’s genuinely necessary for their work.
It goes without saying that we take up references for all our employees and onsite contractors. For those with the most privileged access to our systems, we also require a criminal record check.
All our staff are required to undergo and satisfactorily complete annual security and data protection training.
We’re certified for compliance with ISO 27001, the internationally-recognised gold standard for information security management. If you need our certificate for your own records, you can download it here.
We have a designated Head of Security, who reports on relevant matters to a dedicated Security Review Board. This also oversees a scheduled programme of formal self-assessment, ensuring that security remains at the top of our management agenda.
Regular, impartial, external audits monitor our compliance with ISO 27001, and alignment with recognised best practice. We make continual improvements to our policies in the light of new threats and protections.
We have specialist cyber-insurance coverage, including against the risk of data loss, underwritten at Lloyd’s of London.