Security

LAST UPDATED April 8, 2019

We know that intellectual property is fundamental to how our customers build value in their businesses. Protecting customer data is critical. We place security at the core of everything we do, ensuring that data protection is the primary consideration across every portion of our platforms.

  • We build our platforms on Amazon Web Services (AWS) cloud infrastructure and fully leverage all the protections it has to offer (e.g. 99.999999999% (11 9's) durability for all file storage)
  • All data are highly encrypted (AES-256) wherever possible, both when data are 'in transit' and 'at rest'
  • We use a dedicated Virtual Private Cloud environment per customer to ensure your data are isolated and secured at all times
  • We operate in multiple data centers across the globe for purposes of resiliency and disaster recovery

Layered security

Physical/Infrastructure Security
Catalytic leverages carefully selected third party infrastructure, assuring that customer data and the data assets stored or processed are protected by leveraging Amazon Web Services (AWS) for all web applications and customer data. AWS infrastructure is ISO-27001 certified and AWS has completed audits for SOC 1 (Formerly SSAE 16/ISAE 3402), SOC2, and SOC3. We operate across multiple data centers to ensure resiliency and for disaster recovery.

Application Security
Our applications undergo routine comprehensive assessments by third party organizations to ensure the highest levels of protection against known security vulnerabilities, common security penetration techniques and software development pitfalls. We practice secure development and testing methodologies and use encryption to safeguard customer data both in transit and at rest. To validate our source code and third-party libraries and software, we use multiple tools including ‘Veracode’ for source code security analyses, ‘Clair’ for vulnerability analysis of our Docker containers and ‘Alert Logic’ for 24/7 security monitoring.

Network Security
We use multiple layers of network and operational protection to ensure customer data is continuously protected. Each customer has a dedicated virtual private cloud environment to ensure that your users and data are isolated and secured at all times. We use the techniques of both ‘isolation’ and ‘least privilege’ to ensure maximal security for each customer.


Questions or Comments

If you have any questions, comments, or concerns regarding the security of the Catalytic Platform, please contact us by clicking here.