Security in KODA.ai

    Introduction

    At KODA.AI, we apply best practices in data and application security to ensure the highest quality of our services and the security of data, combined with high customer satisfaction. We take care to maintain security standards across various areas and processes within our company. In particular, we focus on:

    • an access management system for our employees, based on different levels of permissions,
    • secure communication and data transfer within the company and the infrastructure of our platform,
    • secure data exchange with our clients and their infrastructure or applications,
    • software development and process testing,
    • backups and disaster recovery procedures.

    Data Protection and Access Control to Infrastructure

    To ensure security control, we have implemented:

    • a process for approving access to information resources and applications,
    • mechanisms for appropriate verification of the identity of users accessing infrastructure or data (unique user identifiers and strong passwords, two-factor authentication mechanisms),
    • a process specifying appropriate roles and responsibilities (who can request access modifications, who can approve access requests, etc.),
    • regular and systematic access rights reviews to ensure continuous validity and accuracy,
    • appropriate encryption mechanisms to protect confidential or sensitive data,
    • defined processes describing data transfer between the provided solutions.

    We establish all necessary and appropriate safeguards, registrations, agreements, and controls related to data processing and always apply industry best practices in data processing.

    We ensure careful selection, reliability, and competence of our employees who have access to data. Our employees are informed about the confidential nature of the data and are subject to confidentiality agreements. They are obligated not to use the data for purposes other than what is required to perform their duties and not to create copies and/or duplicates of the data, except for backups and to comply with statutory retention obligations.

    Data Centers

    To ensure physical security, all services and data are stored on the Google Cloud Platform (GCP), which provides a secure hosting location protected against unauthorized access through physical access controls. GCP also provides uninterruptible power supplies (UPS), backup generators, and other security devices such as fire detectors and extinguishers.

    Currently, all servers, components, and services are located in two zones within the EU (Germany, Belgium).

    Logs and Monitoring

    We automatically analyze logs related to:

    • network traffic,
    • applications,
    • cloud services,
    • employee access to infrastructure and applications,
    • automated software deployment processes.

    The monitoring system automatically notifies us of errors and anomalies in these areas.

    To ensure the availability of information for investigating security breaches, access to system audit tools is restricted to the necessary minimum, e.g., developers who maintain production databases. System logs also help facilitate investigations and monitor access controls.

    Backups

    To meet the availability requirements of the hosted application/data and ensure proper processes and technical measures, we have provided:

    • regular backups of the application and configuration data of our infrastructure in GCP environments,
    • physical security measures at the backup storage location, ensured by Google Cloud Platform and Microsoft Azure,
    • a defined retention period,
    • a backup restoration plan to continue or resume operations promptly in the event of interruptions or failures,
    • regular testing of disaster recovery scenarios to ensure effectiveness.

    Infrastructure Security

    Our platform is based on a serverless model, which means that Google Cloud Platform (GCP) ensures security updates and secure configuration of services. GCP also provides additional tools to enhance the security of our infrastructure and applications.

    All platform services use a secure private network for internal communication.

    Services utilize specific role-based permissions to authorize their requests. We do not use passwords, etc. All internal communication between microservices is based on token-based authorization.

    Incoming and outgoing network traffic of the platform is monitored and analyzed by GCP services, such as Cloud Firewall and WAF – Google Cloud Armor.

    GCP provides technical security measures for our services to protect systems, and thereby information, from malware, network or system breaches, including:

    • antivirus protection to prevent malicious processes,
    • applying patches to mitigate vulnerabilities in the technical environment,
    • measures for detecting unauthorized electronic access attempts to systems used for processing solutions and information,
    • appropriate network security measures (firewalls monitoring network boundaries, etc.), subject to regular control procedures for approving, monitoring, controlling, and revoking remote access to hosts.

    All systems and applications are properly secured against unauthorized access or modification of content or the appearance of the service. Web servers hosting applications log activity within the service.

    All transmitted confidential data is protected from disclosure using encryption methods such as SSL, SFTP, and FTP via private connections or VPN.

    Services implement mechanisms that prevent browsers from viewing the source code of executables and server-side scripts. Additionally, file directories on web servers are not indexed or directly accessible.

    Systems are tested to ensure that error situations and exceptions are properly handled, including vulnerability testing.

    Web servers hosting applications operate with the least possible privileges.

    Web servers hosting applications are regularly checked to ensure that all unnecessary software, network services, and/or applications have been removed.

    In the case of application layer vulnerability scans and penetration tests, conducted to ensure that software is free of vulnerabilities, we use a web security scanner provided by GCP.

    Our application fully supports the CORS mechanism and allows only specific whitelisted hosts.

    All credentials are stored as hashes. We use the bcrypt function to generate hashed credentials.

    For authentication, we only use bearer tokens (OAuth2). We do not use cookies, in order to protect against session hijacking or cloning in web applications and to ensure that session identifiers are not easily predictable. This ensures that our interfaces to external client systems provide authentication mechanisms for origin, integrity, and confidentiality.

    Development and Testing

    All system changes are properly documented, impact-assessed, and appropriately tested (unit tests, integration tests, load tests, functional tests), while system tests include various rollback scenarios to revert to a previous version in case a change fails.

    We use Git as the version control system for application code, as well as scripts for building the infrastructure. All changes are deployed automatically using CI/CD processes.

    System integrity is protected against unauthorized changes through formal change management processes, which are also used to manage changes in applications and systems across physically and logically separate environments.

    To isolate environments/applications/data from each other, all services are hosted as separate projects within Google Cloud Platform.

    Access Control

    The access control mechanisms implemented in the application enforce the principle of limited access—“anything not explicitly permitted is prohibited.” This effectively blocks user access to all protected services, features, data, and objects (files, directories, database records, URLs) except those for which they have been granted permissions.

    The access control mechanisms in the application also enforce established workflow rules (task execution order) and imposed limits (attachment size, number of operations, transactions, changes, etc.).

    We adhere to the principle of least privilege, meaning users are granted only the permissions necessary to perform essential actions.

    The application logs events related to access control.

    Access to the administrative section of the application and content management sections is secured by policies enforcing strong passwords and two-factor authentication (2FA).

    OAuth2 tokens are used to authorize all operations.

    All security-related information and configuration files are stored in locations protected against unauthorized access.

    The application supports Single Sign-On (SSO) authentication.

    Inactive accounts are automatically deactivated after 90 days.

    Identification and Authentication

    All users or processes acting on behalf of users undergo an authentication process.

    All functions that operate on authentication factors of an identity (e.g., registration, profile updates, login/password recovery) are at least as resistant to attacks as the main authentication mechanism.

    There are mechanisms to manage credentials, such as assigning, changing, blocking, setting account lifespan, and storage.

    Mechanisms ensure session control for authenticated users (e.g., closing inactive sessions after a defined period).

    Credentials are never hardcoded in the application code or passed in URL parameters.

    The application has protection against brute-force attacks on credentials, blocking subsequent authentication attempts for a defined period.

    The application detects and blocks attempts at automated horizontal brute-force login attacks (where a single password is tried across multiple accounts).

    Password input fields do not display user passwords during entry.

    Cryptography

    The transmission of sensitive information via public networks is always encrypted, using communication protocols that ensure a high level of confidentiality.

    Sensitive data is never stored in plain text. The system provides cryptographic means to protect sensitive stored data.

    Data is stored on encrypted partitions, protecting against physical disk loss or theft.

    Passwords and access-related data to the platform and its components are encrypted.

    The web application, especially if it provides commercial services over the Internet, uses SSL certificates issued by a trusted external certification authority.

    Suspiciously high volumes of informational requests or requests triggering critical transactions are blocked.

    HTTP/HTTPS protocols are handled according to best security practices (e.g., setting required HTTP headers and their attributes, configuring TLS protocol).
