We take customer data very seriously and you can rest assured that we are using the highest security standards available.
We use the Microsoft Azure cloud infrastructure as the basis for all eyko services. As an eyko customer you inherit all the best practices and policies of Microsoft's infrastructure and operations.
Microsoft's Azure global infrastructure maintains more regions than any other cloud provider. We leverage the Azure infrastructure to protect our Customer's data with industry-leading security, compliance, and privacy practices.
eyko security enforces a mandatory VPN protocol for network access. Internal infrastructure components including: Database Servers, Virtual Machines, key-vaults and other private storage accounts are all hidden from public traffic using private endpoints available only through internal Virtual Networks connected using VPN technology.
We encrypt all data both in-transit and at rest. We use Microsoft Azure managed encryption to achieve the highest encryption standards available. Some tangible examples of steps that we take in order to keep all customer data safe and secure:
All Databases use TDE (Transparent Data Encryption), using customer-managed keys (CMKs, RSA-2048 encryption)
All Virtual Machines or servers used to handle any customer data have local Disk Encryption enabled (AES-256 encryption)
Cloud storage resources are encrypted using Azure Key/Vault customer-managed keys (CMKs, using RSA-2048 encryption)
All our web applications and API endpoints enforce HTTPS.
Customer data is routinely backed up automatically. This gives us the ability to restore data to any point in time according to the customer's configured backup retention policy. The following backup policies are in place for customer data:
Point-in-time restore backups: 7 Days
Weekly long-term retention (LTR) backups: 12 Weeks
Monthly LTR backups: 4 Months
Yearly LTR backups: Keep Week 1 for 1 Year
By default, eyko stores backup data in geo-redundant storage blobs that are replicated to a paired region for High Availability purposes. This helps to protect against outages impacting backup storage in the primary region.
Our databases are encrypted with TDE (Transparent Data Encryption). Backups are automatically encrypted at rest including long-term retention backups.
Customer data can be restored from either a point-in-time restore or LTR backups upon request. The duration of the restore process depends on the size of the database.
Our applications run in a Highly Available manner following Cloud Architecture Best Practices. We leverage Azure Regions and Zones to ensure underlying infrastructure issues don't affect the availability of the eyko platform.
We utilize Layer3/7 firewalls and modern network protection technologies to protect access to internal and customer resources over the network. We strongly believe that solely using Authorization and Authentication should not be relied upon, and that the underlying resources should be further protected at the network layer.
For example, in addition to restricting specific Encrypted Vault data to specific Active Directory entities such as users or groups, we also require that these entities are accessed through internal Virtual Networks and behind private endpoints that are not available to the public internet.
Data is the core of our business and when it comes to protecting it, we put all possible thought and efforts into it. Customer data can be divided into ingested data supplanted with our enterprise data catalog, and application metadata such as designs, sources, and streams. We apply the highest security standards to both, while treating them differently from an operational and availability standpoint.
All customer-facing applications rely on Microsoft Entra ID security features for authentication and authorization. We don't store customer passwords, instead, we use a Role-based access control (RBAC) model that integrates directly with customer identity providers.
All changes made by our development team are automatically tested on an integration environment, and only deployed to customer-facing applications once these changes are approved and tested by team members.
Azure Security Center executes a set of automated assessments of our Azure environment which can help provide evidence relevant to specific controls in a compliance framework or standard. Each compliance assessment generates a report which we make available upon request:
Azure Security Benchmark Compliance Report
ISO 27001 Compliance Report
SOC2 Compliance Report
In order to stay continuously compliant, we utilize alerts to notify immediately when a cloud resource is compromised.
Join the enterprises replacing weeks of manual analysis with a single prompt. See what eyko Playbooks can do with your data.