Security controls to protect your data
The security of your data is our number one concern. We strictly adhere to responsible AI principles, shield our infrastructure from DDoS, malware, and other threats with multiple layers of defense, back up your data regularly, and enforce robust authorization to safeguard against leaks and breaches.
Responsible AI
Kontent.ai is committed to aligning with Responsible AI best practices, ensuring AI governance, and complying with relevant laws and regulations. We follow the best practices and standards for AI to guarantee your data security and prevent the misuse of AI for malicious or illegal purposes.
Configuration management
Kontent.ai infrastructure is managed as code, which helps us promptly find misconfigurations that could lead to an insecure state. That means the Kontent.ai setup is automated and continuously monitored for unexpected changes. If an issue occurs, the setup can be quickly and automatically reverted to an expected previous state. This approach allows for static analysis and regular manual reviews to ensure configurations are secure and adhere to best practices. Moreover, dynamic configuration scanners are in place to validate infrastructure configuration against standards like CIS Benchmarks, Azure baselines, or NIST.
DDoS protection
Distributed Denial of Service (DDoS) attacks are mitigated by the DDoS protection placed at the edge of our CDN services – Fastly. Microsoft Azure represents a second layer of protection. It’s auto-scaled, filters out communication that tries to bypass Azure’s DDoS protection, and throttles the requests.
Backups
Regular backups are maintained to protect data against ransomware and other corruption. These backups ensure that data can be restored in the event of an attack and minimize the potential data loss. Special recovery drills are run regularly to train and test the recovery processes for all cases in which they may be needed, not only ransomware.
Third-party management
We automatically review third-party packages. All findings are reported daily to the internal security team or to development to secure the supply chain.
Strong authorization
Single sign-on (SSO) and multi-factor authentication (MFA) represent the core of security in cloud services as they provide strong resistance against attacks on customers’ identities. To protect users who, for example, cannot use SSO, multiple controls are in place:
- Password policy: On top of regular password policies, such as minimum length and different character groups, our policy prevents users from using their public information in passwords, such as their name or surname. We also prevent using weak passwords with a sequence of characters, such as 123aaa, or reusing known leaked passwords.
- Leaked credentials: It’s a common bad practice to reuse the same password for multiple services. To mitigate the impact of data leaks on Kontent.ai and other services, Kontent.ai monitors the use of leaked passwords and helps customers protect their accounts on Kontent.ai and other platforms.
- Brute-force attacks: To combat brute-force attacks, user accounts or IP addresses that exhibit suspicious behavior are blocked by Auth0, our identity provider, even before accessing data.