SkyDeck.ai Security Practices

As of November 1st, 2023

All our components are hosted within a secure VPC and data is encrypted at rest with AWS KMS using AES-256. Furthermore, we employ TLS 1.2 or higher for encryption in transit.
Our application secrets are also securely encrypted at rest with KMS and AES-256.

In addition to encryption at rest we provide optional enhanced security features around user conversation content and conversation names.

We can provide a second independent layer of encryption of conversation data at rest. The advantage of this approach is redundant security. But this comes at a cost of an extra layer on decryption when conversations are displayed or used in searches. This is an option in Control Center for enterprise customers.\
Every user can hold the encryption keys to their own conversation data at rest. In this way we only have access to their conversation data while they are logged into our system. When they log out, the data is encrypted and we have no record of the decryption key. We use an independent hash of the user's password to implement that encryption. We do not store the password, and the hash exists only while the user is logged in. The advantage of this approach is that no one can access user data if the user simply stops using the platform. The data is effectively gone when not actively in use by the user. The disadvantage of this approach is that if the user loses their password they lose all of their conversation data without any recourse. Another disadvantage is that displaying and working with conversation data will be slower and more laggy. Also, changing the user password will be a slower process because all data will need to be decrypted and re-encrypted. This is an optional feature for enterprise customers.

SkyDeck.ai implements regular penetration testing and conducts vulnerability scanning at crucial stages of our Secure Development Lifecycle (SDLC).
Our security strategies include both black-box and grey-box testing during penetration testing.
We utilize various methods to ensure the security of our system, including Static analysis, Software composition analysis, Malicious dependency scanning, Dynamic analysis, and Network vulnerability scanning.

We leverage reputed SSO services for securing our identity and access management.
Access to applications is role-based and is automatically revoked upon the end of employment.
Any further access must comply with the policies set for each application.

We guarantee that all customer data is encrypted both at rest and during transit.
AWS Key Management System (KMS) is responsible for managing our encryption keys.

Comprehensive security training is provided to all employees during their onboarding process and is refreshed annually through educational modules within our platform.
Our team shares regular threat briefings in communication channels to keep them informed of important security updates.

We ensure secure remote access to internal resources using WireGuard.
To provide an additional layer of protection, we also use malware-blocking DNS servers to safeguard employees and their endpoints while browsing the internet.

Last updated 5 hours ago