We rely on the support of our third-party vendors Google Cloud and AWS to deliver Kapiche Cloud applications as a service to customers. We monitor and manage the servers, in addition to providing support to our users. Our third-party vendors provide the servers, power, network, and physical security of the data centres.
Our Kapiche Cloud platform was designed and optimised by us specifically to host Kapiche applications, and has multiple levels of redundancy built in. The applications themselves run on a front-end hardware node separate from the one on which the data is stored. Hardware failure of the compute node is recovered automatically. Application data is stored in several ways:
Storage with multiple levels of redundancy, encrypted with a different key for each customer.
Database failover node. The application database is only accessible to local area network servers in use by Kapiche and only via an authenticated encrypted proxy tunnel. Direct access using a client isn’t possible.
Kapiche Analytics engines run on dedicated cloud instances. The instances are only accessible to local area network servers in use by Kapiche and not the wider internet. The engines store a parsed and processed version of the data, not the original data. SSD disks connected to the engine are configured to provide redundancy of the application data and are encrypted.
Access to the data centres is limited to authorized personnel only, as verified by biometric identity verification measures. Physical security measures include: on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures.
Our data centres are located in geographically diverse locations across the United States, the European Union, Asia, and Australia. For Enterprise clients, hosting in specific geographic regions can be requested.
Our global support team maintains an account on all cloud systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system.
Within Kapiche, only authorized Kapiche employees have access to application data. Authentication is done via Google IAM accounts, and the servers only accept incoming SSH connections from Kapiche and internal data centre locations via SSO certificates, instead of traditional keys.
Kapiche Cloud is designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer's data without explicit knowledge of that other customer's login information. Customers are responsible for maintaining the security of their own login information.
The Kapiche operations team monitors the Kapiche Cloud platform 24x7 from our operation centre in Brisbane.
SOC 2 Type 2
Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map to Trust Service Principles (TSPs) established by the American Institute of Certified Public Accountants (AICPA).
CSA Level 1 - CAIQ
To augment the third-party application penetration testing we have performed, we have selected data centre providers that maintain industry-standard certifications.
To find out more about the security features and certifications provided by Google Cloud, see https://cloud.google.com/security/
To find out more about the security features and certifications provided by Amazon AWS, see https://aws.amazon.com/security/
Application and analytics database backups for Kapiche Cloud occur at least every hour, and often much more frequently than that. We also back up at the disk layer for another layer of protection. All backups are stored in multiple regions, but not outside the bounds of data regulations.
Data security is a top priority for Kapiche, and Kapiche believes that working with skilled security researchers can identify weaknesses in any technology.
If you believe you've found a security vulnerability in Kapiche’s service, please notify us; we will work with you to resolve the issue promptly.
To learn more about our policy, please read our Responsible Disclosure Policy.
We understand the importance of ensuring the privacy of your personally identifiable information. For more information, please see our Privacy Statement.
All security policies, certifications, and security questions are available on our security portal at security.kapiche.com