At VAKT, we enable companies to exchange sensitive commercial information in a secure, private, and immutable way.
That’s why we take a security-first approach to everything we do. From the development of our services, based on blockchain (distributed ledger technology) for storing and exchanging information between network participants, to the delivery of our services using an Infrastructure as Code and CI/CD approach, to the monitoring of our environments with anomaly detection and automated remediation, security is a core value that drives our business forward.
Our compliance program is here to help meet our customers' compliance needs. We undergo independent third-party audits and certify our products and services against ISO 27001, ISO 27017 and SOC2. Our certificates and attestation reports are available on request.
ISO/IEC 27001:2013 is the only international standard for information security and sets out the specification for an information security management system (ISMS). ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.
Part of the ISO 27000 series of information security standards, ISO 27001 is a framework that helps organisations establish, implement, operate, monitor, review, maintain and continually improve an ISMS.
VAKT achieved its ISO/IEC 27001:2013 certification in 2020.
The ISO/IEC 27017:2015 standard provides additional guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls by supplementing the guidance in ISO/IEC 27002:2013 and other ISO27k standards.
Its code of practice provides additional information security controls implementation advice beyond that provided in ISO/IEC 27002:2013, in the cloud computing context.
VAKT achieved its ISO/IEC 27017:2015 certification in 2021.
AICPA TSC 2017 (SOC 2) compliance is one of the most popular forms of a cybersecurity audit, used by a rapidly growing number of organizations to demonstrate that they take cybersecurity and privacy seriously.
SOC 2 stands for Service Organization Control 2 and is a security framework that defines how companies should manage, process, and store customer data based on five Trust Services Categories (TSC):
- Security - referred to as the common criteria
- Availability - optional
- Processing integrity - optional
- Confidentiality - optional
- Privacy - optional
Compliance with SOC 2 requirements is unique to each company as it is based on a set of trust service categories as opposed to a prescriptive list of controls. As such, the SOC 2 reports are also unique to each organization.
VAKT completed its first AICPA SOC 2 audit report in 2022.
Security is considered and built into VAKT services at every layer starting with a robust architecture design.
Architectural design decisions are based on well-known security strategies and approaches, defined to meet our stringent requirements.
VAKT completes penetration tests annually, or more frequently between major feature releases. These tests are performed by well-known CREST-accredited assessors, and the results are shared with our customers.
An automation-led approach allows us to confidently prove our compliance posture by continuously monitoring over 90 controls to ensure compliance with the adopted security frameworks.
VAKT works closely with its customers' cybersecurity SMEs to ensure they are up to date with the overall cybersecurity posture and security-related work performed at our end.
Industry-leading Web Application Firewall with automatic updates to block against the latest threats spotted around the world.
DNSSEC to block against DNS hijacking attacks. We take your access to VAKT seriously and go in-depth, enabling every security measure we can.
Application-level and network-level DDoS protection is in place on our web services.
TLS 1.2 or higher is used for data in transit, and encryption at rest is enabled for all instances and databases.
AWS handles physical and virtual aspects as part of the shared responsibility model. Deployments with AWS ECS limit our footprint and ensure a better security posture.
Infrastructure as Code with Terraform allows peer-reviewed changes, template scanning for vulnerabilities, and quick recovery in case of outages.
Network spoofing protection is enabled in our cloud provider, which prevents adversaries from spoofing traffic or ARP addresses.
VAKT uses a number of services for anomaly detection, including GuardDuty, as well as third-party security services from trusted vendors.
Every code merge undergoes a static code analysis check that must pass before the code can be merged to the main branch.
We scan our codebase for credentials to ensure they aren’t accidentally merged into code.
A leading third-party security solution scans all of our libraries to ensure we don’t have vulnerable libraries in the code base.
All code is peer reviewed by a Senior Engineer before being merged to the main branch.
Our devices are centrally managed with policies for security, patching, and encryption enforced.
Many threat actors target specific companies. VAKT combats this by using Next-Gen solutions that have ATP protections and 24/7 managed threat hunting capabilities.
VAKT uses the latest technology in endpoint security to identify potential threats. We use Next-Gen anti-virus and EDR to identify malicious threats, stop them from activating, and see the chain of events that led up to them.
VAKT uses a Zero Trust approach to evaluate the security posture of the endpoints and its members of staff.
We can’t wait to show you VAKT in action.
Schedule a meeting with us and we’ll demonstrate how a VAKT integration connects you directly with your counterparts and ecosystem partners for fast, secure sharing of accurate data.