© Copyright 2020. Derisk Corp. All Rights Reserved.

Platform Security Features

Transport Security

The vCISO platform enforces TLS 1.1 or greater for all browser sessions, ensuring data-in-transit is always protected from eavesdropping.

Storage Security

The most sensitive elements of data stored in the platform are encrypted in the database using strong, modern ciphers.

Infrastructure Isolation

vCISO is hosted using a Kubernetes container-based architecture which provides many built-in benefits, including isolation from cloud-native threats.

Attack Mitigation

Data integrity and privacy is further protected from many types of application-layers attacks and other OWASP Top 10 threats by an enterprise-grade web application firewall (WAF).

Additionally, we leverage an advanced global CDN to provide DDoS mitigation services ensuring the platform remains available, even under attack. Origin cloaking technology in the network prevents sophisticated attackers from bypassing DDoS mitigation capabilities using tools like Cloudpiercer.

Operational Certifications

Derisk's hosting facility is annually accredited by the AICPA for SOC 2 Type I compliance, covering the Security and Availability Trust Services Criteria.