The security of your data is our number one concern. We strictly adhere to responsible AI principles, shield our infrastructure from DDoS, malware, and other threats with multiple layers of defense, back up your data regularly, and enforce robust authorization to safeguard against leaks and breaches.
Kontent.ai is committed to aligning with Responsible AI best practices, ensuring AI governance, and complying with relevant laws and regulations. We follow the best practices and standards for AI to guarantee your data security and prevent the misuse of AI for malicious or illegal purposes.

Kontent.ai infrastructure is managed as code, which helps us find misconfigurations that could lead to an insecure state in time. That means the Kontent.ai setup is automated and continuously monitored for unexpected changes. If an issue occurs, the setup can be quickly and automatically reverted to an expected previous state.

This approach allows for static analysis and regular manual reviews to ensure configurations are secure and adhere to best practices. Moreover, dynamic configuration scanners are in place to validate the infrastructure configuration against standards such as CIS Benchmarks, Azure baselines, or NIST.

Distributed Denial of Service (DDoS) attacks are mitigated by the DDoS protection placed at the edge of our CDN services (Fastly). Microsoft Azure represents a second layer of protection: it is auto-scaled, filters out communication that tries to bypass Azure’s DDoS protection, and throttles requests.

Regular backups are maintained to protect data against ransomware and other corruption. These backups ensure that data can be restored in the event of an attack and minimize potential data loss. Recovery drills are run regularly to train staff and test the recovery processes for every case in which recovery may be needed, not only ransomware.
We automatically review third-party packages. All findings are reported daily to the internal security team or to the development team to secure the supply chain.
Multiple controls are in place to protect users who, for example, cannot use SSO:
Password policy: On top of regular password policies, such as minimum length and different character groups, our policy prevents users from using their public information in passwords, such as their name or surname. We also prevent using weak passwords with a sequence of characters, such as 123aaa, or reusing known leaked passwords.
Leaked credentials: It’s a common bad practice to reuse the same password for multiple services. To mitigate the impact of data leaks on Kontent.ai and other services, Kontent.ai monitors the use of leaked passwords and helps customers protect their accounts on Kontent.ai and other platforms.
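The password checks described above, as an added example that is not part of the Kontent.ai page or product: the leaked-password set, the minimum length, and the three-character sequence threshold are constructed assumptions, and the personal-information check is generalized to any list of public attributes.

```python
import re
from typing import Iterable, List

# Constructed stand-in for a breach corpus of known leaked passwords.
LEAKED_PASSWORDS = {"password1", "qwerty123", "letmein", "summer2023!"}


def char_group_count(pw: str) -> int:
    """Count how many of the four character groups the password uses."""
    groups = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(1 for g in groups if re.search(g, pw))


def has_run(pw: str, length: int = 3) -> bool:
    """True if any window of `length` chars is repeated (aaa) or
    consecutive ascending/descending (123, cba)."""
    for i in range(len(pw) - length + 1):
        window = pw[i:i + length]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
    return False


def contains_personal_info(pw: str, personal: Iterable[str]) -> bool:
    """True if any public attribute (name, surname, ...) of 3+ chars
    appears in the password, case-insensitively."""
    low = pw.lower()
    return any(len(p) >= 3 and p.lower() in low for p in personal)


def check_password(pw: str, personal: Iterable[str] = (),
                   min_length: int = 12) -> List[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if char_group_count(pw) < 3:
        problems.append("needs at least three character groups")
    if contains_personal_info(pw, personal):
        problems.append("contains personal information")
    if has_run(pw):
        problems.append("contains a character sequence")
    if pw.lower() in LEAKED_PASSWORDS:
        problems.append("known leaked password")
    return problems


if __name__ == "__main__":
    print(check_password("123aaa"))
    print(check_password("JaneDoe-Fortress77", ["Jane", "Doe"]))
```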
Awareness is key to mitigating any ongoing attack, outage, or inconsistency in the system in time. The web application firewall proactively protects Kontent.ai interfaces by blocking attackers early during their malicious activity and warns the internal security team about such security events.
On top of that, an internal monitoring and alerting solution helps our support team react to various unexpected availability incidents and quickly solve them.
Azure real-time anti-malware detection scans assets uploaded to Kontent.ai. This scanning protects Kontent.ai infrastructure and also helps us to proactively notify customers about suspicious activity.
Regular manual and automatic (SAST and DAST) security reviews are integrated into the development process to identify and address vulnerabilities early on, even before putting vulnerable code into production.
And since nobody is perfect and we also make mistakes, our Vulnerability Disclosure Program (private bug bounty program) provides a safe way for security researchers worldwide to participate in finding and helping fix security vulnerabilities.
Kontent.ai staff are regularly trained to be aware of security threats, common security holes, and the methods and insecure practices that attackers exploit.
Logging is essential for keeping your content management system secure, tracking changes, and ensuring compliance. Kontent.ai provides various logs to help you monitor and analyze activities within your projects.
Each content item has its own change log with versioning. It’s easy to roll back content to any previous version. This log remains available while the content exists, but disappears with the content item's deletion. It’s possible to find information such as:
Added or removed content or changes in its format
Timestamp and workflow step
Who made the changes
Identity logs capture information related to user authentication and management. These logs are crucial for investigating security incidents and are available for 365 days.
Identity logs include but are not limited to:
Authentication events: Successful and failed login attempts, as well as multi-factor authentication events.
User changes: Password changes, and security configurations like MFA enrollment or email verification.
Administrative actions: Account blocks due to brute-force attacks or logins from prohibited countries.
All HTTP requests and responses to any Kontent.ai interface, such as the Kontent.ai app, Management API, and Delivery API (including all its variants), are logged for 90 days. Support can provide these logs upon request.
HTTP request logs include:
Request details: URL, HTTP method, status code.
Response details: Cache status (HIT, MISS), response time.
Metrics: Usage of APIs, request/response size.
Thanks to HTTP request logs, it’s possible to identify undetected changes that are not shown in the environment-scoped audit log, for example, when the environment is deleted.
Audit logs and content change logs are available in the application.
Identity logs and HTTP request logs are available upon support request to prevent exposure of sensitive events.
If you need to track user interactions, review access patterns, monitor content changes, or investigate suspicious activity, Kontent.ai’s support team is available 24/7 to assist you.
Security controls to protect your data | Kontent.ai Learn
Our commitment to transparency and trust
Visit the Kontent.ai Trust Center to access comprehensive information on security, privacy, governance, and compliance.