Skip to main content

Data Security

Product Security#

Product security is of paramount importance at WhyLabs. WhyLabs uses a software development life cycle in line with general Agile principles. When security effort is applied throughout the Agile release cycle, security oriented software defects are able to be discovered and addressed more rapidly than in longer release cycle development methodologies. We also employ continuous security and vulnerabilities scanning across our infrastructure, including continuously monitoring our containers, our machine images, and our network traffic. We apply automated monitoring and notification services to ensure that our engineers are alerted when a vulnerability or suspicious activity is detected. We also employ external organizations to perform penetration tests against our endpoints on a regular basis.

WhyLabs performs continuous integration. In this way we are able to respond rapidly to both functional and security issues. Well defined change management policies and procedures determine when and how changes occur. This philosophy is central to DevOps security and the development methodologies that have driven WhyLabs adoption. In this way, WhyLabs is able to achieve an extremely short mean time to resolve (MTTR) for security vulnerabilities and functional issues alike. WhyLabs is continuously improving our DevOps practice in an iterative fashion.

Physical Security#

The WhyLabs production infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security related controls for WhyLabs production servers, which includes buildings, locks or keys used on doors, are managed by these CSP’s. “Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.” 1

Organization Security#

WhyLabs leverages internal services that require transport level security for network access and individually authenticate users by way of a central identity provider. WhyLabs employees and systems leverage two-factor authentication and single sign-on wherever possible. We leverage Cloud Provider’s Identity and Access Management policies to control access to our systems

All WhyLabs personnel undergo regular security and privacy awareness training that incorporates security into technical and non-technical roles; all employees are encouraged to participate in helping secure our customer data and company assets. Security training materials are developed for individual roles to ensure employees are equipped to handle the specific security oriented challenges of their roles.

1 See the AWS Shared Responsibility Model.

Prefooter Illustration Mobile
Run AI With Certainty
Get started for free
Prefooter Illustration