Keytrack® at its core was designed with security in mind. The architecture is based on best-practice development principles: files are kept separate from their associated metadata, and environment data is kept separate and encrypted in transit and at rest.
Keytrack divides its systems into separate environments to better protect sensitive data. Systems supporting testing and development activities are hosted in a separate environment from systems supporting our production infrastructure. All servers within our production fleet are hardened (e.g. disabling unnecessary ports, removing default passwords) and have a base configuration image applied to ensure consistency across the environment.
Network access to our production environment from open, public networks (the Internet) is restricted, with only the required production servers accessible from the Internet. Only those network protocols essential for delivery of Keytrack’s service to its users are open at our perimeter.
Keytrack is deployed on cloud infrastructure. We utilise data centres which are at the forefront of technology, using innovative architectural and engineering approaches, and the latest in cloud technologies and infrastructure design.
Physical access is strictly controlled, both at the perimeter and at entry points, by professional security staff using video surveillance, intrusion detection systems, biometric analysis, and other electronic means.
Our in-transit encryption ensures that messaging, data, and file transfers are all secured to the latest global standards, using technology similar to that used in many banking platforms. All HTTP calls are encrypted with SSL at the transport layer, and API data is also encrypted at the message layer using our inbuilt MLS encryption of the API payload.
Keytrack supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 at a minimum, AES-256 encryption, and one-way SHA-2 hashing where possible.
Keytrack stores the documents that you request in our cloud infrastructure facilities. The original files and the customer data are split, isolated and placed in different locations and accessed using only secure keys. Access to these files is only via authenticated calls through the Keytrack file proxy.
We leverage best practice programming techniques applicable to the software industry wherever possible. All our products and solutions follow a quality assurance path through our software development lifecycle.
To minimize the risk of data exposure, Keytrack adheres to the principles of least privilege and role-based permissions when providing access. Staff are authorized to access only the data that they reasonably must handle in order to carry out their roles. All production access is reviewed at least quarterly.
To further reduce the risk of unauthorized access to data, Keytrack requires complex passwords for all access to systems with highly classified data, including our production environment, which houses our customer data.
Keytrack outsources some of its services. Where those organizations may impact the security of Keytrack’s production environment, we take appropriate steps to ensure our security posture is maintained.
We do this by ensuring that the service organizations we select protect customer confidentiality through established and maintained certifications against one or more international standards, such as SOC Type II, ISO 27001, and PCI, as a minimum.