The security of your data is our number one concern. We strictly adhere to responsible AI principles, shield our infrastructure from DDoS, malware, and other threats with multiple layers of defense, back up your data regularly, and enforce robust authorization to safeguard against leaks and breaches.
Responsible AI
Kontent.ai is committed to aligning with Responsible AI best practices, ensuring AI governance, and complying with relevant laws and regulations. We follow the best practices and standards for AI to guarantee your data security and prevent the misuse of AI for malicious or illegal purposes.
Configuration management
Kontent.ai infrastructure is managed as code, which helps us find misconfigurations that could lead to an insecure state before they cause harm. That means the Kontent.ai setup is automated and continuously monitored for unexpected changes. If an issue occurs, the setup can be quickly and automatically reverted to an expected previous state. This approach allows for static analysis and regular manual reviews to ensure configurations are secure and adhere to best practices. Moreover, dynamic configuration scanners are in place to validate infrastructure configuration against standards like CIS Benchmarks, Azure baselines, or NIST.
DDoS protection
Distributed Denial of Service (DDoS) attacks are mitigated by the DDoS protection placed at the edge of our CDN services – Fastly. Microsoft Azure represents a second layer of protection. It’s auto-scaled, filters out communication that tries to bypass Azure’s DDoS protection, and throttles the requests.
Backups
Regular backups are maintained to protect data against ransomware and other corruption. These backups ensure that data can be restored in the event of an attack and minimize the potential data loss. Special recovery drills are run regularly to train and test the recovery processes for all cases in which they may be needed, not only ransomware.
Third-party management
We automatically review third-party packages. All findings are reported daily to the internal security team or to development to secure the supply chain.
Strong authorization
Single sign-on (SSO) and multi-factor authentication (MFA) represent the core of security in cloud services as they provide strong resistance against attacks on customers’ identities. To protect users who cannot use SSO, for example, multiple controls are in place:
Password policy: On top of regular password policies, such as minimum length and different character groups, our policy prevents users from using their public information in passwords, such as their name or surname. We also prevent using weak passwords with a sequence of characters, such as 123aaa, or reusing known leaked passwords.
Leaked credentials: It’s a common bad practice to reuse the same password for multiple services. To mitigate the impact of data leaks on Kontent.ai and other services, Kontent.ai monitors the use of leaked passwords and helps customers protect their accounts on Kontent.ai and other platforms.
Awareness is the key to mitigating any ongoing attack, outage, or inconsistency in the system in time. The web application firewall proactively protects Kontent.ai interfaces by blocking attackers early during their malicious activity and warns the internal security team about such security events. On top of that, an internal monitoring and alerting solution helps our support team react to various unexpected availability incidents and quickly solve them.
Anti-malware scans
Azure real-time anti-malware detection scans assets uploaded to Kontent.ai. This scanning protects Kontent.ai infrastructure and also helps us to proactively notify customers about suspicious activity.
Vulnerability reviews
Regular manual and automatic (SAST and DAST) security reviews are integrated into the development process to identify and address vulnerabilities early on, even before putting vulnerable code into production. And since nobody is perfect and we also make mistakes, our Vulnerability Disclosure Program (private bug bounty program) provides a safe way for security researchers worldwide to participate in finding and helping fix security vulnerabilities.
Security awareness
Kontent.ai staff is regularly trained to be aware of security threats, common security holes, and methods and insecure practices used by attackers in general.