This page describes what we do to secure the platform you trust to host your applications using the following topics:
Should you have questions or would like to know more about how we secure our platform? Please reach out to us using the contact form.
Avisi Cloud applies encryption of data whenever possible, both at rest and in transit. Avisi Cloud uses industry best practices to secure your data.
We maintain strict back-up policies for all our systems, and the systems we run for our customers, such as Kubernetes Control Planes. Multiple back-up strategies are in-place for each data store, including off-site back-ups. All back-ups stored are encrypted and only accessible for disaster recovery purposes by authorized engineers.
We use the following backup strategies for our data:
For worse case scenarios we have multiple recovery methods that are tested periodically. We have automated checks and monitoring on the health status of our back-ups. We maintain strict recovery targets in order to guarantee our systems are up-and-running quickly should the worse case happen.
All services, including internal facing services run by Avisi Cloud require authentication. All Avisi Cloud engineers make use of Multi-Factor Authentication (MFA). Engineers use personal accounts for all login accounts. Log-in actions are audited across our platform.
Avisi Cloud works according to the least privileged principle. Engineers & Staff only have access to systems and data required for their role.
The platform is architected to tolerate failure at multiple failure domains, such as entire datacenter(s), Cloud Provider or region. We have designed our systems to isolate failures as much as possible from impacting our services or customers.
We continously improve our architecture and software systems to improve reliablity. Avisi Cloud uses the Avisi Cloud Platform internally to host the Avisi Cloud platform. This means we benefit largely from our own engineering efforts to automate maintenance actions, upgrades and auto healing functionality for our customers.
This means we;
At Avisi Cloud we made great efforts to secure our software supply chain. We are active advocates of tooling such as cosign, make sure all software we run come with Software Bill-of-Materials (SBOMS) and continously scan our software & dependencies for vulnerabilities and CVEs.
All our Open-Source and internal projects conform to Supply chain Levels for Software Artifacts (SLSA). This is a security framework and check-list of standards that prevents tempering and secures build artifacts.
All our container images are signed using cosign from the sigstore project. This is our public key:
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzezKl0vAWSHosQ0JLEsDzNBd2nGm 08KqX+imYqq2avlbH+ehprJFMqKK0/I/bY0q5W9hQC8SLzTRJ9Q5dB9UiQ== -----END PUBLIC KEY-----
This public key is also published on all our Open-Source Projects and Documentation websites