Cybersecurity Cube
To comprehensively secure your data, we follow the principles outlined in the cybersecurity cube. This model helps us to systematically implement and enhance security measures across our platform, ensuring a robust defense against potential threats.
Security principles
Confidentiality
We prioritize the confidentiality of your data through a zero-knowledge-first approach. This means that all sensitive information is encrypted on the client side, ensuring that our servers never have access to the plaintext data. We uphold strict privacy standards and never sell any data. All analytics we collect are anonymized and comply with GDPR regulations. We utilize Role-Based Access Control (RBAC) to manage project members, ensuring that only authorized users can access sensitive information. Additionally, we enforce two-factor authentication (2FA) for accounts with access to production values, adhering to the principle of least privilege by granting users only the minimum level of access necessary for their roles.
Integrity
We maintain the integrity of your data through rigorous client-side encryption and comprehensive audit logging for every change made. Daily backups are performed to ensure data can be restored in case of any incidents. Input validation is strictly enforced to prevent invalid or malicious data from compromising our systems. These measures collectively ensure that data remains accurate, consistent, and trustworthy.
Availability
To guarantee the availability of our services, our frontend and database leverage serverless architecture, providing scalability and resilience against disruptions. We employ Cloudflare to protect against DDoS attacks and other threats. Our backend operates on a private server with Akamai, with future plans to upgrade to serverless or Kubernetes for enhanced performance and reliability. Our infrastructure undergoes regular performance and stress testing to ensure it can handle high traffic and maintain availability.
State of data
Transmission
All data transmitted across our network is encrypted using TLS 1.2 or higher, ensuring that data remains secure during transit. Sensitive secrets are encrypted on the client side, adhering to our zero-knowledge-first principle, and our API traffic is secured with Cloudflare’s Full (strict) encryption.
Storage
Sensitive secrets stored in our system are encrypted, and passwords are hashed using bcrypt with 12 rounds to enhance security. We perform daily backups to safeguard data against loss or corruption.
Processing
We ensure that no sensitive data is logged during processing. All sensitive data is encrypted on both the client and server sides before processing, maintaining its security throughout its lifecycle. We validate all inputs to prevent errors and potential security breaches.
Countermeasures
Human factors
All employees at Enkryptify are trained to adopt a security-first mindset. We enforce the principle of least privilege, ensuring that employees only have access to the information they need to perform their roles. Every feature we develop must pass a strict security checklist before being deployed.
Policies and practices
We adhere to strict account policies, including mandatory 2FA and robust password requirements. Multiple checks are in place to authenticate users, and we uphold high code quality standards to prevent vulnerabilities.
Technology
We utilize secure encryption methods for data protection, as detailed in our encryption section. Cloudflare provides network encryption, and Supabase handles authentication securely. We regularly check for Common Vulnerabilities and Exposures (CVEs) and rotate strong keys to secure system access. Multiple firewalls are in place to further protect our infrastructure. Additionally, we conduct regular penetration testing to identify and address potential security weaknesses.