Introduction
Security is a top priority at CoralTree. All products follow a universal security framework that ensures a high level of safety for all customer data with strict access controls. Our approach to security spans both infrastructure security and application security.
Infrastructure Security
- CoralTree products are built on Amazon Web Services (AWS), which is SOC-compliant
- Bank-level encryption (AES-256) is used for data in transit and data at rest
- All cloud storage (file storage with S3, data storage with RDS) is encrypted
- Identity and Access Management (IAM) is used to strictly control employee access to services based on the principle of least privilege
- Cognito is used for user authentication, so passwords are stored securely by AWS
- Infrastructure is monitored 24/7 by our Security Operations team, using AWS GuardDuty and other tools to detect and block any suspicious activity
- For more information on AWS security: https://aws.amazon.com/security
Application Security
- Releases are gated by leading SAST (static code analysis) and DAST (automatic vulnerability detection) tools
- Releases are also gated by an in-depth Vulnerability Analysis and Penetration Testing (VAPT) process
- We conduct regular audits with a third-party security firm
Questions
If you have any questions, please email support@coraltreetech.com.