How SlashID Protects Your Data
Last modified: 02/24/2024
We exceed the standard industry security measures to provide unmatched safety for your data.
Our Security Strategy
SlashID’s professionals, processes, and state-of-the-art technologies work together to safeguard customer data, employing a threefold approach:
1. Application-Level Security Measures
Security Development Lifecycle
We adhere to time-tested security frameworks for reinforcement, encryption, identification, and access management. Through regular risk evaluations during development stages, our security team continuously reassesses and strengthens our security stance. To provide an additional layer of security to our platform, we consistently perform the following checks:
- Peer reviews of design and code
- Internal vulnerability checks along with contracts with Approved Scanner Vendors (ASV) for vulnerability detection
- Collaboration with premier penetration testers for comprehensive assessment of our application and infrastructure
Customer Data Access Management
In terms of policy implementation, we apply the principle of least privilege, granting engineers only the permissions necessary for their roles. The following details the types of access we have to customers’ data:
- Infrastructure
- Application
- Production Systems
Direct interaction with production systems is prohibited without documented authorization.
Application-level data encryption
Our service is a globally replicated, field-level encrypted data store that keeps user data safe and compliant with data protection laws while improving UX by decreasing latency through data locality.
We make extensive use of envelope encryption. Our chain of trust forms a tree of keys in which each child key is encrypted with its parent key.
The key hierarchy mentioned above is generated per-region, and this structure brings a number of advantages:
- A compromised key doesn’t compromise all the data
- Deleting user data can be achieved through crypto-shredding by deleting the corresponding user key
- Data can be replicated globally without violating data residency requirements since the keys are localized per-region
- The root of trust is stored in a Hardware Security Module (HSM) making a whole-DB compromise an extremely arduous task
- We can enforce fine-grained access control on the HSM to tightly control and reduce the number of services able to decrypt subtrees
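The key tree and crypto-shredding described above, sketched in Node.js as an added example (it is not SlashID's code). The in-memory root key standing in for the HSM, the choice of AES-256-GCM, the org/user path levels, and the names `KeyTree`, `seal` and `open` are all assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// AES-256-GCM under a 32-byte key; output layout is nonce | tag | ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverse of seal; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// One tree per region. rootKey stands in for the HSM-held root (assumption:
// a real HSM would unwrap on request and never release this key).
class KeyTree {
  constructor(rootKey = nodeCrypto.randomBytes(32)) {
    this.root = rootKey;
    this.wrapped = new Map(); // "org" or "org/user" -> key sealed by its parent
  }
  // Walk root -> ... -> path, opening each wrapped key with its parent's key.
  unwrap(path) {
    let key = this.root;
    for (let i = 1; i <= path.length; i++) {
      const name = path.slice(0, i).join("/");
      if (!this.wrapped.has(name)) throw new Error(`no key for ${name}`);
      key = open(key, this.wrapped.get(name));
    }
    return key;
  }
  // Add a fresh 256-bit key at path, stored only in sealed form.
  create(path) {
    const parent = this.unwrap(path.slice(0, -1));
    this.wrapped.set(path.join("/"), seal(parent, nodeCrypto.randomBytes(32)));
  }
  encrypt(path, value) { return seal(this.unwrap(path), Buffer.from(value)); }
  decrypt(path, blob) { return open(this.unwrap(path), blob).toString(); }
  // Crypto-shredding: drop one wrapped key and its whole subtree is unreadable.
  shred(path) { this.wrapped.delete(path.join("/")); }
}

// Constructed sample: one region tree, one user field encrypted and read back.
const eu = new KeyTree();
eu.create(["org1"]); eu.create(["org1", "alice"]);
const field = eu.encrypt(["org1", "alice"], "alice@example.com");
console.log(eu.decrypt(["org1", "alice"], field));
```

A ciphertext replicated to a second `KeyTree` (another region, different root) fails to decrypt there, and after `shred(["org1", "alice"])` the stored field stays on disk but can no longer be opened.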
Tools & Systems
Access to tools and systems that interact with the production system is controlled by built-in access management and is limited to selected engineers. Access to SlashID vaults is governed by an inbuilt policy-based access control mechanism; only approved tools can access their corresponding vault data.
2. Infrastructure-Level Security Measures
Audits and Accountability
SlashID’s platform incorporates comprehensive audit logging to record all security-sensitive events for centralized log server analysis and alerts. To uphold continuous operational security of the platform, we undertake the following procedures:
- Documented approvals are required for all modifications to production systems
- Documented peer engineering review and approvals are necessary for all changes to the SlashID platform software application
Recovery
SlashID’s infrastructure employs multiple layers of system recovery and data recovery protocols, including:
- Continuous backups of production system data to ensure a low Recovery Point Objective (RPO), minimizing data loss during DR
- Streamlined and automated operations of production infrastructure to ensure low Recovery Time Objective (RTO), minimizing operational disruption during DR
- All services are deployed on a GCP multi-availability-zone setup, clustered and constantly monitored to ensure high availability
- Cross-region data backup on GCP to ensure data recovery across regions
3. Operational-Level Security Management
For security operations, SlashID employs a number of products to address:
- System Controls
- Vulnerability Management
- Configuration Management
- System and Information Integrity
- Threat Detection
- Incident Response
Certifications and Compliance
Our platform environment and team adhere to the following standards:
- SOC 2 Type II Certified
- GDPR Assessed and Compliant
- HIPAA Assessed and Eligible