Security

Infrastructure Security.

Traces is following a multi-cloud deployment strategy by distributing critical infrastructure between several providers like Amazon Web Services (AWS) and Google Cloud Platform (GCP). Both AWS and GCP data centers are SOC 1, SOC 2, and SOC 3 certified. Government agencies can request AWS GovCloud deployment.

Security Protocols

Traces is following exceptional security protocols both internally and in our work with partners. We build our infrastructure on top of global cloud providers that are regularly audited and certified.

At-Rest Encryption

Traces uses multiple layers of encryption to protect data at rest including SSDs, backups, and cloud storage. AES 256 is used for encryption by default without any action from the customer.

Automatic Backup

All critical infrastructure at Traces Cloud is automatically replicated and backed up to multiple regions. No matter what happens to the primary data center or even the whole region your data will be safe.

Data Residency

Traces global infrastructure is designed to provide data processing and storage inside the country or region of its origin. Stay compliant with local regulations and benefit from low-latency communication.

Application Security.

Much like technology, security threats are continuously evolving. We have introduced effective mechanisms to limit the negative impact of errors and newly discovered vulnerabilities on our services.

Active monitoring

Important events from applications and other sources are collected and monitored in near-real time. Automated rules are created to take timely action to specific events and alarm about discovered anomalies.

Software Updates

We use automation to regularly update, patch, and secure applications across the whole infrastructure. This process helps us to protect our services from the latest threats and maintain the top shape.

Penetration Tests

Traces works with industry-leading security experts to continually run infrastructure and application layer penetration tests.

Development lifecycle

We utilize a variety of manual and automated security checks throughout the whole development lifecycle of our applications.

Operational Security.

Security is an integral part of our operations at Traces. We have implemented various methods to reinforce best practices and to get effective countermeasures against various threats before they become problems.

Audit Logs

All actions and changes in Traces infrastructure are recorded for after-the-fact investigations and near-real time interventions. Comprehensive logs help to reveal who has accessed any given system, and what changes they have made.

Employee Training

Our employees learn about the latest security challenge by completing Traces annual training. This program covers various topics including but not limited to cybersecurity, social engineering, data protection, and many more.

Data & Access Control

The amount of customer data on Traces Cloud is very limited and saved in an encrypted form. Access is logged and strictly limited only to authorized employees who require it for their job.

Multi-Factor Authentication

All our employees are using robust MFA systems from industry-leading providers to access Traces infrastructure. Any attempts to log in without a valid MFA are prohibited, logged, and investigated.

Network Security.

One of the most critical components of any system security is network. Traces strives to ensure that your data is protected as it’s transmitted to and within our infrastructure.

Encryption in Transit

Traces employs one of the best measures to help ensure authenticity, integrity, and privacy of data in transit. Data is protected by TLS with strong 2048-bit private keys and encrypted with AES 128 while it moves between sites.

No Port-Forwarding

Traces API utilises only standard ports so there is no need to introduce excessive complexity to your firewall rules. All communications are protected with HTTPS over TLS v1.2 so all the data is going through the secure Port 443.

Network free mode

For the on-premise deployments, we do not require internet or network connectivity even for licensing purposes. This is an ideal solution for sensitive data that can be stored and processed only in air-gapped systems.

Ethical Hacking Policy.

Data security is a top priority for Traces. We acknowledge that security weaknesses can be identified in any technology and that’s why we are always welcomed Ethical Hacking. If you believe you’ve found a security vulnerability in Traces Cloud service, please notify us ASAP.

Disclosure Policy

Please notify us about a discovered vulnerability by email security@traces.ai
Provide us with a reasonable amount of time to
resolve the issue before disclosing it to the public and
third party.

Please refrain from

In your attempts to discover potential weaknesses please make a good faith effort to avoid violating the privacy, destroying data, interrupting or degrading Traces service, DDoS, and/or any physical attacks against infrastructure.