We partnered with Vanta & Advantage Partners to seamlessly guide us through the compliance process. The protection of customer data is the highest priority for our team and we’re committed to building a robust security & compliance program. This achievement indicates that our handling and processing of customers’ data meets key security standards.

Software development is conducted in line with OWASP Top 10 recommendations for web application security. They have achieved certifications like ISO 27001, PCI DSS, and SOC 2, demonstrating their commitment to security and data protection.

Cambio requires vulnerability scanning of all production services. This can be applied at a number of increasingly granular levels depending on the functionality available in the database. AWS maintains a robust compliance program, adhering to various industry standards and regulations. The permissions assigned to database user accounts should be based on the principle of least privilege (i.e., the accounts should only have the minimal permissions required for the application to function).

Cambio is leveraging AWS Identity and Access Management (IAM) to restrict access based on roles and responsibilities, minimizing the risk of unauthorized access.

If a host, service or network only needs to talk to another host, service or network on a specific port or protocol, and nothing else, it should be restricted to this. If a host, service or network doesn’t need to communicate with another host, service or network, it should not be allowed to.

Users who configure this system and the secrets it contains are subject to the principle of least privilege. Encrypt all secrets at rest and in transit. AWS provides a highly secure and reliable infrastructure for hosting web services. Use the principles of least privilege and need-to-know. Make the system used to store and process the secrets and credentials robust from a security perspective.
All of Cambio's environments are backed by AWS security measures. This right must be given only for a minimum amount of time that is necessary to complete the operation. Encryption keys are managed via AWS Key Management System (KMS) and all secrets are managed in AWS Secrets Manager.

Least Privilege: A security principle in which a person or process is given only the minimum level of access rights (privileges) that is necessary for that person or process to complete an assigned operation.

Cambio uses TLS 1.2 to encrypt data in transit. All datastores containing customer data are encrypted at rest. We stay updated with the latest security technologies and best practices to adapt and enhance our security measures as needed.

Continuous improvement: We are dedicated to continuously improving our security practices. We follow best practices and conduct regular security assessments and testing to identify and address vulnerabilities.

Secure development: We prioritize security throughout the development lifecycle of our systems and applications.

Principle of least privilege: Employees and systems are granted minimum access necessary to perform their required tasks.

At Cambio, security and compliance principles guide our product delivery from start to finish.