Trust & Security

The Atombeat platform is designed to meet the security, compliance, and privacy needs of corporate clients. As a data storage and application support provider, Atombeat can be relied upon and used with confidence by your enterprise.

‍

Atombeat is trusted by teams and organizations like yours for a variety of reasons, including, but not limited to：

· Atombeat runs on a multi-tenant Kubernetes cluster on a fully-managed and secure AWS infrastructure.

· We ensure customer data is stored in isolated containers.

· Access to your data for any reason beyond API service calls is strictly prohibited.

· Atombeat exclusively monitors operational metrics to maintain system health and performance.

· Ultimately, we guarantee your data remains exclusively yours, not Atombeat’s.

‍

Security

‍

Data Safeguarding

Atombeat prioritizes data security with robust encryption for data at rest and in transit. Stringent security measures and best practices ensure your sensitive information remains confidential, available, and safe.

‍

Access Management

‍

Penetration Testing

Atombeat intends to engage a professional third-party security firm for security, vulnerability, and penetration testing. These are run at least once annually, and identified issues are remediated based on their criticality and priority.

‍

Endpoint Protection

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.

‍

Secure Remote Access

Atombeat secures remote access to internal resources using Tailscale, a modern VPN platform built on WireGuard. We also use malware-blocking DNS servers to protect employees and their endpoints while browsing the internet.

‍

Security Education

Atombeat provides comprehensive security training to all employees upon onboarding and annually through educational modules within Atombeat’s own platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.

Atombeat’s security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

‍

Identity and access mangament

Atombeat uses Okta to secure our identity and access management. We enforce the use of phishing-resistant authentication factors, using WebAuthn exclusively wherever possible.

Atombeat employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.

Our policies are based on the following foundational principles:

01. Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02. Security controls should be implemented and layered according to the principle of defense-in-depth.

03. Security controls should be applied consistently across all areas of the enterprise.

04. The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

‍

Compliance

SOC Type 2

Atombeat is undergoing a SOC 2 Type 2 audit, based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA). The SOC 2 audit is one of the most recognized standards of information security compliance in the world. It is used to validate a service company's internal controls for information security.

‍

GDPR

The European Union's General Data Protection Regulation (GDPR) compliance is a priority for Atombeat, and we are taking all the necessary steps to ensure that we are GDPR-ready.