Key security offerings

Cunomial uses best practice security measures to protect your personal and organization data.

Data encryption
Data encryption in transit

In keeping with the best practices in security, all data in transit, including login credentials and credit card details for payments, is protected using TLS 1.2 (https) by default, with 256-bit encryption key and SHA-256 signed certificates.

Robust network security controls provided by Google Cloud Platform (GCP) and Amazon Web Services (AWS) are used to help protect data in transit. Network security solutions, including firewalls and network access control, help secure the networks used to transmit data against malware attacks or intrusions.

Access control
Role and permission based access control

Cunomial has an extensible system for defining user roles and associated system use permissions so that users can only access functionality they are permitted to, whether they be administrators, managers, employees or other users.

Role and permission based access control implemented by Cunomial is a policy neutral access control mechanism defined around roles and privileges. The components include role-permissions, user-role and role-role relationships, which make it simple to perform user assignments. The access control mechanism is appropriate to facilitate administration of security in small to large organizations with thousands of users and hundreds of permissions.

Server security
Server security

Cunomial has its entire server infrastructure on Google Cloud Platform (GCP) and Amazon Web Services (AWS). Within the AWS or GCP cloud infrastructure, Cunomial's servers are secured in a Virtual Private Cloud (VPC). Cunomial's servers, powered by AWS and GCP, are infinitely scalable and they run in isolated execution environments, ensuring that security problems that may arise do not spread beyond a specific server.

Extensive and enforced usage of Secure Shell (SSH) keys, selective opening of ports through firewalls and service auditing through AWS and GCP complete Cunomial's robust security infrastructure. In addition, Intrusion Detection System (IDS) alerts the teams at Cunomial of security risks.

Cloud security
Cloud product security

Cunomial high-resilience Virtual Private Cloud (VPC) is hosted on Google Cloud Platform (GCP) and Amazon Web Services (AWS). All our application stack physical infrastructure and data storage is within AWS and GCP data centres worldwide. Both AWS and GCP data centre and network architecture are built to comply with stringent global standards and meet the requirements of the most security-sensitive organisations.

AWS and GCP data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems and other electronic means.

Security operations
Security operations

Teams at Cunomial approach security holistically with a common controls framework. Security threats are prevented using secure software development practices and industry-accepted operational practices.

Best practices
Best practices

Cunomial has an elaborate self-test and regular audit procedure in place. A secure and robust logging infrastructure, leveraging latest technology platforms, enables Cunomial to trace an event end-to-end. Real-time security monitoring and protection and web application firewalls protect Cunomial from a range of perspectives, both internal and external.

The operating systems, network infrastructure and the software, which Cunomial uses, are always up-to-date with latest versions, to ensure that all diagnosed and fixed security vulnerabilities are embedded in the architecture.


Copyright © 2020 Cunomial