This section provides an overview of Exalate's approach to security. You can also review information on the company's Information Security Policy, as well as internal rules and regulations regarding data handling, staff rules and responsibilities towards internal and external data, physical security, etc.
The Three Dimensions of Security
At Exalate, we are focused on the three dimensions of security:
- Awareness: to factor out human risk
- Infrastructure: to make Exalate Cloud a fortress
- Development: to catch security vulnerabilities
Awareness
This involves effective and proactive use of the industry's best security practices in standards, training, and organizational structure.
- SMS according to ISO27001:2022. Includes privacy and GDPR policies
- New employee background checks prior to hiring
- Bi-weekly security briefings
- Employee quizzes and challenges
- Role-appropriate security training
- Internal structure: BoD -> GRC Board -> Security Team
Infrastructure
Exalate Cloud
- Implemented on Google Cloud
- Using 'container OS' which is hardened
- State-of-the-art EDR (Endpoint Detection and Response)
- Based on Palo Alto - Cortex XDR
- SOC team (NVISO) available 24x7 to manage incidents and stop attacks
Exalate Application
- Single tenant application
- All data at rest and in transit encrypted and segregated
- The Exalate admin defines which data is synchronized
Scanning and Testing
- Yearly pentesting (frequency will increase to bi-yearly)
- Bug bounty through Bugcrowd
- Continuous security scanning by Atlassian
Secure Development by Design
Continuous four-stage scanning using Snyk: Development, Build, Release, Deployment
Security Champion role
- Manage the threat model
- Verify impact of all changes (bug fixes, improvements, features)
- Inspect vulnerability reports
Specific security training for developers
- Secure Code Warrior
Exalate Information Security Policy