# Product Security

<details>

<summary>Network Segmentation</summary>

We segregate customer environments across multiple cloud regions, separate PROD from non-PROD environments, and isolate them from external networks to minimize the risk of unauthorized access.

</details>

<details>

<summary>Firewall and Intrusion Detection System (IDS)</summary>

We implement firewalls, security groups, and [IDS](https://en.wikipedia.org/wiki/Intrusion_detection_system) to monitor and filter network traffic, blocking malicious activities and providing real-time alerts.

</details>

<details>

<summary>Identity and Access Management (IAM)</summary>

We use [Keycloak](https://www.keycloak.org/), which provides strong authentication, user management, user federation, and fine-grained authorization. Spark supports Single Sign-On (SSO) and identity brokering with your existing [OpenID Connect](https://openid.net/) and [SAML 2.0](https://en.wikipedia.org/wiki/SAML_2.0) identity providers.

</details>

<details>

<summary>Encryption</summary>

We encrypt data at rest with [AES 256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard), applied at the application level as well as the database level. Data in transit is secured by [TLS 1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security), a more secure and efficient protocol than earlier TLS versions.

</details>

<details>

<summary>Data Backups</summary>

Automatic backups are taken continuously (near real-time) and incrementally. Our database is continuously backed up, and we can restore data to any point in time within the backup retention period. Alongside the incremental backups, a full backup snapshot is taken every `24 h`.

</details>

<details>

<summary>Disaster Recovery</summary>

In the event of a disaster, Coherent's first priority is to prevent the loss of life; Coherent will ensure that all employees and any other individuals on the premises or in any impacted area are safe and secure.

The next goal is to bring the Coherent Spark application back to business as usual as quickly as possible. Coherent Spark follows an [active/passive](https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-cloud.html) and [pilot light](https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-cloud.html) approach.

We are committed to a Recovery Point Objective (RPO) of `10 min` and a Recovery Time Objective (RTO) of `4 h`.

</details>

