Architecture

Security is front of mind when designing our applications and business processes. Verified's cloud security architecture is designed with consideration of a broad range of industry standards and frameworks, in tandem with our internal threat modeling process. It balances the need for flexibility with the need for effective controls to ensure the confidentiality, integrity, and availability of our customers' data.

Applications

Development security, data security & information lifecycle management.

Security

Encryption, threat and vulnerability management, security incident management.

Infrastructure

Asset management, access control, operations, communications security.

Data Center & Offices

Physical and environmental security. Verified uses the industry-leading cloud provider AWS, which has relevant physical security controls in place, validated by external assessments such as SOC 1/ISAE 3402, SOC 2, and SOC 3.

Corporate

Security governance, organization of security, personnel security, supplier & third-party data management, mobile security, business continuity, audit/compliance, data privacy.

Network

We practice a layered approach to network access, with controls at each layer of the stack.

We control access to our sensitive networks through the use of virtual private cloud (VPC) routing, firewall rules, and software-defined networking. All connectivity is encrypted by default.

Staff connectivity requires device certificates, multi-factor authentication, and use of proxies for sensitive network access. Access to customer data requires explicit review and approval.

We have also implemented intrusion detection and prevention systems in both our office and production networks to identify potential security issues.

The Verified Platform

Threat modeling is used to ensure that we are designing in the right controls for the threats we face.

During the product planning and design phase, we use threat modeling to understand the specific security risks associated with a product or feature. Generally speaking, threat modeling is a brainstorm session between engineers, security engineers, architects, and product managers of an application or service. Threats are identified and prioritized, and that information feeds controls into the design process and supports targeted review and testing in later phases of development.

We use the STRIDE threat model framework. STRIDE is an acronym for a common set of security concerns: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. We apply threat modeling early and often in the design process to ensure that relevant security configuration and controls are designed to mitigate threats specific to each product or feature we develop.
