At Koidra, we take security very seriously. First, we respect your privacy and make significant efforts to protect all of your data. Second, we would never do anything with your data that we wouldn't want you to do with yours. Third, we are a SaaS company built and operated by security-minded individuals.
Keeping our customers' data secure is one of the most important things Koidra does. We go to considerable lengths to ensure that data is provided to Koidra securely.
Incident Response Plan
We have a procedure for security events and have educated all of our staff on our policies. **Once a threat is detected, it will be reported to our operations team immediately.** When security events are detected, they are escalated to our operations team. Stakeholders are then identified, notified, and assembled to rapidly address the event. After a security event is fixed, the stakeholders and operations team perform a root-cause analysis. The analysis is reviewed in person and distributed to stakeholders. It includes action items that will implement controls to detect and prevent similar events in the future.
Build Process Automation
We have functioning, frequently used automation in place so that we can safely and reliably roll out changes to both our application and operating platform within minutes. We typically deploy source code periodically throughout the day, so we are
All of our services run in the cloud. We do not run our own routers, load balancers, DNS servers, or physical servers. Except for a few data sub-processors, our services and data are hosted in cloud facilities. Koidra services have been built with business continuity and disaster recovery in mind. Our entire infrastructure, including servers and databases, is spread across multiple cloud data centers (availability zones) and will continue to work should any one of those data centers fail unexpectedly. All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.
We have an uptime of 98% or higher.
All of the data is stored in the USA. Customer data is stored in a multi-tenant architecture. We do not have individual databases or servers for each customer. However, strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customer’s data. This is done using unique account identifiers, which attribute each user to a specific account, together with authentication and authorization checks. We have many unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated, and even a single failing test will prevent new code from being shipped to production.
All data sent to or from Koidra is encrypted in transit using TLS/SSL. This includes system logs, email address lists, and other confidential information.
Koidra is served 100% over HTTPS. If you attempt to access the site via HTTP, you will be redirected to an HTTPS connection. We have two-factor authentication (2FA) in place for administrative functions related to our services and for the management of our infrastructure.
On an application level, we produce audit logs for all system and application activity and ship logs in real time to a sub-processor via TLS-encrypted connections for analysis, centralization, and archiving via cloud storage. All access to Koidra applications is logged and audited. Koidra uses a sub-processor to monitor for application errors; it notifies technical staff of application errors in real time as they are generated. File integrity monitoring is performed periodically throughout the day, and any changes to system files cause a security alert to be generated.
Security Audits & Compliance
Our internal team performs quarterly network- and application-level vulnerability scanning on our systems and applications. Our infrastructure provider is Google Cloud.
We will gladly fill out customer due diligence paperwork and security questionnaires.