
Cloud Security

As we rely on Amazon Web Services (AWS) for scalability and efficiency, ensuring robust security measures is vital to maintain data integrity, confidentiality, and availability.

Segmentation

Our Amazon Web Services (AWS) accounts provide the highest level of segmentation boundary that can be achieved on AWS. Amazon Virtual Private Cloud (VPC) and subnets provide further logical isolation of our resources.

Within AWS, security groups act as a virtual firewall and provide stateful inspection. Security groups are also used to control the traffic between worker nodes, external IP addresses, and other VPC resources.

We use Amazon EC2 security groups to define rules that allow inbound and outbound network traffic to and from pods that we deploy to nodes running on many Amazon EC2 instance types.

Access Control

Access to our cloud environments is restricted and we ensure that only authorized users and applications can access them. This is achieved through Identity and Access Management (IAM), Multi-Factor Authentication (MFA), Resource-Based Policies, Service Control Policies (SCPs), and Amazon Virtual Private Cloud (VPC) security.

We utilize AWS CloudTrail, AWS Config, and Amazon CloudWatch to monitor and log access to resources, ensuring that any unauthorized access attempts are detected and can be investigated.

Cloud Security Posture Management (CSPM)

We use the AWS Security Hub service for a comprehensive view of our security state and to help assess our AWS environments against security industry standards and best practices.

Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps analyze our security trends and identify the highest priority security issues.

Security Hub automates security checks and centralizes security alerts, which helps us monitor continuously and initiate automated responses that shorten the mean time to resolution and remediation.

Alerts and Monitoring

We monitor application logs, errors, infrastructure utilization, security incidents, configuration drifts, and high-risk activities continuously and take immediate action in response to the findings generated by the monitoring tools.

Our Alert and Monitoring policy guides the team to monitor, identify, assess, and address alerts generated from the monitoring tools promptly, thereby protecting our environments from potential threats to the Confidentiality, Integrity, and Availability of customer data.
