Traces is following a multi-cloud deployment strategy by distributing critical infrastructure between several providers like Amazon Web Services (AWS) and Google Cloud Platform (GCP). Both AWS and GCP data centers are SOC 1, SOC 2, and SOC 3 certified. Government agencies can request AWS GovCloud deployment.
Traces is following exceptional security protocols both internally and in our work with partners. We build our infrastructure on top of global cloud providers that are regularly audited and certified.
Traces uses multiple layers of encryption to protect data at rest including SSDs, backups, and cloud storage. AES 256 is used for encryption by default without any action from the customer.
All critical infrastructure at Traces Cloud is automatically replicated and backed up to multiple regions. No matter what happens to the primary data center or even the whole region your data will be safe.
Traces global infrastructure is designed to provide data processing and storage inside the country or region of its origin. Stay compliant with local regulations and benefit from low-latency communication.
Much like technology, security threats are continuously evolving. We have introduced effective mechanisms to limit the negative impact of errors and newly discovered vulnerabilities on our services.
Important events from applications and other sources are collected and monitored in near-real time. Automated rules are created to take timely action to specific events and alarm about discovered anomalies.
We use automation to regularly update, patch, and secure applications across the whole infrastructure. This process helps us to protect our services from the latest threats and maintain the top shape.
Traces works with industry-leading security experts to continually run infrastructure and application layer penetration tests.
We utilize a variety of manual and automated security checks throughout the whole development lifecycle of our applications.
Security is an integral part of our operations at Traces. We have implemented various methods to reinforce best practices and to get effective countermeasures against various threats before they become problems.
All actions and changes in Traces infrastructure are recorded for after-the-fact investigations and near-real time interventions. Comprehensive logs help to reveal who has accessed any given system, and what changes they have made.
Our employees learn about the latest security challenge by completing Traces annual training. This program covers various topics including but not limited to cybersecurity, social engineering, data protection, and many more.
The amount of customer data on Traces Cloud is very limited and saved in an encrypted form. Access is logged and strictly limited only to authorized employees who require it for their job.
All our employees are using robust MFA systems from industry-leading providers to access Traces infrastructure. Any attempts to log in without a valid MFA are prohibited, logged, and investigated.
One of the most critical components of any system security is network. Traces strives to ensure that your data is protected as it’s transmitted to and within our infrastructure.
Traces employs one of the best measures to help ensure authenticity, integrity, and privacy of data in transit. Data is protected by TLS with strong 2048-bit private keys and encrypted with AES 128 while it moves between sites.
Traces API utilises only standard ports so there is no need to introduce excessive complexity to your firewall rules. All communications are protected with HTTPS over TLS v1.2 so all the data is going through the secure Port 443.
For the on-premise deployments, we do not require internet or network connectivity even for licensing purposes. This is an ideal solution for sensitive data that can be stored and processed only in air-gapped systems.
Data security is a top priority for Traces. We acknowledge that security weaknesses can be identified in any technology and that’s why we are always welcomed Ethical Hacking. If you believe you’ve found a security vulnerability in Traces Cloud service, please notify us ASAP.
Please notify us about a discovered vulnerability by email security@traces.ai
Provide us with a reasonable amount of time to
resolve the issue before disclosing it to the public and
third party.
In your attempts to discover potential weaknesses please make a good faith effort to avoid violating the privacy, destroying data, interrupting or degrading Traces service, DDoS, and/or any physical attacks against infrastructure.
