Atlas offers Enterprise-grade Data Protection.
Summary
- We use End-to-End Encryption and block insecure client connections
- Hardened Servers, dedicated security personnel
- Accreditation - ISO / IRAP Compliance
- Leverage AWS data centers - industry leading security relating to physical access
- 99.99% Uptime guarantee
- Provide customers with the tools necessary to secure their users' accounts
Encrypted Data. End-to-end.
We use AES-256-GCM for data at rest.
This is a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys, an industry standard for secure encryption. The ciphertext that this algorithm generates supports additional authenticated data (AAD), such as an encryption context, and GCM provides an additional integrity check on the ciphertext. Data encrypted under AES-256-GCM is protected now and in the future. Cryptographers consider this algorithm to be quantum resistant.
While data is in transit we use TLS 1.2+ and only permit strong ciphers.
Hardened Servers & Robust Code Security
We perform routine checkups on our hosts to ensure that they are up to date with security patches and software packages.
We perform regular penetration testing to emulate the attack pattern of hypothetical threat actors and identify / sterengthen target areas.
We operate on the principle of least permission. In both our internal processes, and the systems which we build. In this way we ensure that all of our software features robust access control and protection against unauthorised access.
99.99% Uptime Guarantee
Through our DR / HA strategy we ensure that the Atlas system remains available at all times.
These processes minimise service interruption in the case of an unexpected disaster and returning to operational state as soon as possible without data loss.
Accreditation:
- ISO 27001 Compliance
- IRAP (Information Security Registered Assessors Program) Compliance - in accordance with the Australian Government ISM (Information Security Manual)
Secure User Accounts:
- Password Management
- Password strength controls
- 2FA Support
- Password expiry, restrict reused passwords
- SSO (coming soon)
- LDAP (coming soon)
- Access Control
- Granular permissions defined per user
- Audit Trail of actions performed per user
- Access Log, including failed authentication attempts (coming soon)