✅ Security Guidance
At SCAYLE, we understand the paramount importance of maintaining the highest standards of security to safeguard sensitive data. One of the main principles that supports our security model is defense in depth, which means that we implement several layers of security. This principle gives us assurance that even if one security control fails, the others will still be in place, thus making an attack more difficult and giving our security engineers more time to detect and stop the attacker before any data is compromised.
Below you can find several examples of security controls that make this possible for us.
Intrusion Detection and Prevention
We employ Intrusion Detection and Prevention Systems (IDPS) to continuously monitor network traffic, making use of both signature-based and behavior-based methods to swiftly identify and block any potential attacks.
Authentication & Authorization
Least Privilege Principle
Strong authentication and authorization primitives support our efforts in implementing the principle of least privilege, which can heavily reduce the impact of a successful attack.
Role-Based Access Control (RBAC)
We use Role-Based Access Control (RBAC) to ensure that access is strictly limited to authorized individuals based on their role and job function.
Encryption
Transport Layer Security (TLS)
We employ Transport Layer Security (TLS) protocols to secure communication, encrypting data in transit between servers, clients, databases or any other networked devices.
Data-at-Rest Encryption
The data stored within our infrastructure is shielded with encryption, providing protection against unauthorized access, even in the event of physical compromise.
Vulnerability Management
Regular Scanning
Our proactive approach involves regular vulnerability scans to identify and promptly address weaknesses, minimizing the risk of exploitation.
Patch Management
A robust patch management process ensures that our software and systems are consistently updated with the latest security patches, maintaining the highest level of protection.
Software Supply Chain
We also monitor our software supply chain by generating and importing Software Bills of Materials (SBOMs) and scanning them for vulnerabilities in the packages that we use.
Logging and Monitoring
We utilize several logging and monitoring systems to be able to:
- Detect attacks as early as possible throughout their lifecycle.
- Retrospectively analyze activity within our systems after an incident occurs.