Trust
We understand the importance of information and data security.
UNCOMPROMISED SECURITY LEVEL
Gain peace of mind and security you can trust.
SECURITY IS OUR SECOND NATURE
After spending many years in core cybersecurity roles in Israeli intelligence, we deeply appreciate and adhere to the highest standards of information and data security.
This unique experience enables us to build the most robust and secure software solutions dedicated to you.
SECURITY BY DESIGN APPROACH
We approach new software development by creating a fortress of concrete and sound security measures first.
We use secure development lifecycle best practices; we implement the Least Privilege Principle in all aspects of our software and employ access rights and data storage restrictions to provide maximum security and data privacy.
Above all, we consider the human factor as the most critical link in the security chain and appropriately run security awareness and periodic training for our employees.
TRUST AND COMPLIANCE
At Cypago, we are SOC 2 approved, demonstrating our commitment to top-tier security, confidentiality, availability, and processing integrity. Our certification ensures rigorous protection of your data, reliable system uptime, and accurate data processing. Trust Cypago for comprehensive compliance and data security.
Here are some things we’ve done to ensure
your security while using our platform:
WE EMPLOY A MULTI-LAYERED SECURITY APPROACH
- Use fine-grained permissions with no persistent credential storage
- Multi-tenant security with full access isolation
- Data encryption at rest and in motion
- Code and environment using different namespaces and queues
- Supporting a variety of SAML-based login to enhance your strict login policy
- Data level schemas and tenant-level security are in place
- Periodic penetration testing
WE GIVE YOU CONTROL OVER YOUR DATA
- Collected evidence is stored in customer-provided storage to achieve maximum data protection and control
- Tools integration based on minimal and transparent permission scheme, that you can always verify and validate without giving away control
- No long-lived users are needed for tools access, using restricted short-lived sessions with no dedicated persistent users
- Share only the data you want with only the people you need to
- Strict data retention and disposal process
WE IMPLEMENT INFRASTRUCTURE SECURITY
- All the tools and other cloud-based technology in use are SOC 2 approved
- MFA is enforced throughout the environment
- Hardened private networks subnetting
- No external access to private networks
- Firewalled NAT configuration
- Security and monitoring tools
- Database and storage data encryption
- Keys and credentials management
- Periodic user permission and patch management reviews are performed
OUR DEVELOPMENT SECURITY
- We implement secure SDLC from planning to execution including strict security-oriented code reviews
- All 3rd party libraries and packages are regularly updated
- A strict change management process is in place verifying adherence to the development plan
- Branch protection and permission restriction are part of the development process
- Source code vulnerability scans are performed periodically