Securing Your Data in the Cloud

May 12, 2019

1. Security

Security and cloud security are the highest priority at ComplyAdvantage.

Using the shared security model with AWS allows us to scale and innovate.
We are able to be agile whilst maintaining a secure environment.

2. ISO 27001 & GDPR

ComplyAdvantage is ISO27001 certified across all systems and locations – everything we do is in scope for the certification.

We went through extensive analysis of our systems to ensure full GDPR compliance and have appointed a Data Protection Officer.

3. Firewalls

Our Customer data is protected by a Web Application Firewall and Network Firewalls that are built into Amazon VPCs (Virtual Private Clouds).

Any suspicious activity immediately triggers a CloudWatch alert to our Infrastructure and Information Security teams, who are ready to mitigate any threat.

4. Alerting, Logging and Monitoring

We have deep visibility into API calls through AWS CloudTrail, meaning everything is
traceable and activity is logged and monitored.

CloudWatch alerts our Infrastructure and Information Security Team to any suspicious behavior.

5. Defense in Depth

A combination of AWS services is implemented to create a defense in depth strategy and automatically thwart DDoS attacks.

Our WAF automatically thwarts the OWASP top ten threats and others with the latest updated signatures.

6. Encryption

Data at rest is encrypted with AES-256 and data in transit is encrypted with TLS 1.2 / HTTPS.

7. Access Controls

We operate on the principle of least privilege, meaning that only the employees who need access to systems and data have it.

All access is strictly controlled by AWS Identity and Access Management (IAM).

8. Privileged Access Management

All privileged accounts are controlled by AWS IAM and require Multi-Factor Authentication.

Access to any information or systems in the CA Cloud requires a VPN connection.

9. Single Tenancy

For our Transaction Monitoring Platform only: all of our Customer data is segregated into a single tenancy.

At no point does your data at rest touch other customers’ data, meaning that you have
your own single and secure environment.

10. Vulnerability Scanning, Pen Testing, Audits

We carry out weekly vulnerability scanning across our environments. We conduct internal pen tests.

We also hire highly skilled third parties to penetration test our systems. We conduct an ongoing and rigorous internal audit program as well as being subject to the ongoing ISO27001 certification process. No stone is left unturned.

11. Business Continuity and Disaster Recovery

We carry out twice-yearly DR tests, the results of which we happily share with our Customers. Having our Infrastructure in the AWS cloud guarantees 99.95% uptime.

The AWS Cloud has high availability spread across availability zones throughout the world.

12. Back-Ups

We carry out daily incremental backups of your data, which are stored fully encrypted
using 256-bit AES.

We also have full backups stored in Azure and Google in case of an AWS disaster;
these are also encrypted and strictly controlled.

13. Patching

All of our systems are updated with the latest security patches as soon as they are trusted and available.

14. Our Employees

Our employees are highly skilled and fully trained. Security training is compulsory
for ALL staff, and specific ongoing Cloud Security training, tailored to their role,
is given to ALL staff that have access to your data. For
example, all of our coders receive mandatory OWASP top ten training.