Kristal Security Center

Security at Kristal


Network Security

Kristal hosts its servers on Amazon Web Services (AWS), with industry-standard security compliance and privacy policies. The AWS architecture incorporates data encryption, DDoS mitigation techniques and network management policies that align with industry best security practices.

Perimeter Network

All external-facing networks are secured with restricted port-level access. Web application access sits behind a Web Application Firewall, with DDoS protection for all traffic from the internet.

Internal Network

All internal networks are hardened, and no system or application can be accessed directly from the internet. System-level access is secured over VPN.

Data Encryption

Kristal employs secure encryption protocols for data at rest and data in transit. All communications are encrypted over Secure Sockets Layer. All storage media on which data is stored are encrypted.

Endpoint Security

All end-user devices are password protected and encrypted to ensure maximum data and device security. Employees follow stringent policies that ensure devices and workstations are never left unlocked and data storage devices are never left unattended. Corporate devices are managed and remotely monitored using our MDM software to ensure compliance on all devices.

Privacy Policy

Policies are enforced in such a way that personal data can never be used without consent from the data subject, i.e. an individual who can be identified from the personal data. Read more about our privacy policy.

Organizational Policies

We have stringent organizational policies in place to ensure device, data and employee security. We have defined security policies to establish a secure environment and ensure secure operation with maximum efficiency.

All employees take part in annual security training, in which they are updated on the latest security reforms and practices.

Development cycle

Developers follow well-documented procedures during every phase of development. Code is reviewed before execution. Automated static application security testing (SAST) is performed to ensure security and identify bugs.
Secure coding best practices are followed as per the Open Web Application Security Project (OWASP) security guidelines.