Industry standard authentication

Industry-standard authentication

We enforce 2-factor authentication, single-sign-on, strong password policies, standard protocols for integration (OpenId Connect, OAuth 2.0, and SAML 2.0), and JWT tokens to protect authentication data in transit.

Strong encryption

Strong encryption

All data is encrypted using HTTPS and TLS, with our user data and critical infrastructure configurations being encrypted using 256-bit AES. Encryption keys are protected by an industry-grade secret management tool where the vault is protected by a two-man integrity policy.

Reliable backup systems

Reliable backup systems

Customers’ data is continuously replicated on Amazon AWS cloud and is backed up throughout the day. Our disaster recovery solutions provide fully automated failover to a backup system so our services can continue to operate without disruption.

Role based permissions

Role-based permission

Access rights are determined by specific roles. This approach balances offering users flexible access to their data assets, while allowing strong enforcement of data access controls.

Enterprise network security

Enterprise network security

Anduin’s servers are protected behind firewalls to control both internal and external traffic and our systems use virtual networks for isolation and protection. We have regular network penetration testing to proactively detect potential threats.

Audit trails

Audit trails

All actions in the system are logged in an immutable audit trail accessible to system administrators. Anduin provides a suite of tools to search, filter, and report on these actions.

Up to date maintenance

Up-to-date maintenance

We maintain up-to-date operating systems across our network. Verified security patches are deployed as they’re released and we continuously monitor for both malicious and accidental incidents.

Compliance

Compliance

Anduin is compliant with SOC 2, the gold standard for security, availability and confidentiality of customer data. SOC 2 is both a technical audit and a requirement that comprehensive information security policies and procedures be written and followed.

Get in touch to request our security whitepaper

Contact us