IT security is a key element of Altoo's wealth platform, and we invest in it continuously to maintain and further raise the level of security we have reached today. Our setup for data encryption and data protection is state of the art. An interactive overview is available at sec3d.altoo.io.
Altoo has defined an information security mission. This board-approved document sets the goals of our CISO (Chief Information Security Officer) and classifies the sensitivity of all our data and documents, together with their need for protection with regard to confidentiality, integrity and availability.
In our ISMS (Information Security Management System) we model our business processes and infrastructure, analyze threats, define protective measures and their priority, and track their implementation status.
A corporate information security policy is part of every employee's contract. It raises awareness and defines the expected behavior in all kinds of situations in order to prevent security incidents.
A further central piece of our organizational measures is the strict application of the need-to-know principle. Developers and even IT operations staff do not have access to client data. Client names are generally replaced by an alias (pseudonymized) and are only visible where necessary (e.g. in front support).
All relevant operations, including all security-related tasks on our infrastructure and our platform, are carried out in-house by our own trusted, Swiss-based employees. Consequently, our hiring process is designed not only to check technical skills and personal fit, but also to vet each candidate's character and background thoroughly. We need to make sure that every colleague earns our trust and embraces our culture of security awareness.
The technical operation of our platform contributes substantially to security: each of the operational processes described below has security built in as an integral part.
We have a multi-stage backup strategy. Through live system redundancy, in which all components and data are kept redundantly, we increase availability and prevent data loss. Further protection against data loss comes from frequent backup copies to separate fire zones and backup mirrors, down to offsite copies in a bank vault.
Our IT specialists patch our systems frequently, following checklists to ensure that the latest security patches are applied to all systems, all tools and all hardware.
Each release is automatically penetration tested (automated vulnerability scanning) in our integration test environment. This includes black-box testing of many components as well as gray-box testing of our platform solution, meaning that the tests run with a valid login. The test suite is kept current against the CVE (Common Vulnerabilities and Exposures) list, so that newly published vulnerabilities are covered.
All of our infrastructure is constantly monitored for suspicious indicators, which trigger alerts and are then analyzed. The same monitoring also covers system health, so that availability and stability are watched as well.
Our development process, too, includes many security-related steps.
Our code review process enforces a four-eyes principle on all code changes, which increases code stability, spreads know-how to reduce key-person risk, and helps prevent malicious code changes from being introduced.
Our build server automates testing and deployments. Thousands of automated tests, from individual components up to whole test environments, also help keep our availability high by continuously verifying the stability and security of our solution. Automated deployments reduce error-prone manual interaction and speed up deployments.
Each release candidate needs a business sign-off in our UAT (User Acceptance Test) environment, which includes automated tests as well as thorough manual testing, and a technical sign-off in our INT (INtegration Test) environment, where the interaction of all components is verified and the penetration tests mentioned above must be passed.
All data is stored in Switzerland. Switzerland's combination of neutrality, stable political environment, low corruption and well-developed data infrastructure makes it a top country for building and maintaining data storage facilities for sensitive content.
Working with very sensitive data, we chose the highest data center security level. The technical term is "Rated-4: Fault Tolerant Site Infrastructure", the highest of the four levels defined in the TIA-942 standard of the Telecommunications Industry Association. This standard sets high requirements on availability and security concerning security vestibules (man traps), video surveillance, access protocols, and redundant power supply and cooling. Beyond security considerations, the energy efficiency (PUE) of the data center was also important to us. Additionally, our hardware and our data are distributed over two separate fire zones within the data center.
Hence, even from our office, where employee badges are required for access control, our staff work on remote virtual workstations (so-called jump hosts) running in the data center when supporting clients with their wealth data, so that work on client data happens inside the data center rather than on office machines.
Our data is stored redundantly across at least three data nodes. Persisted data ("data at rest") is encrypted individually per entity. The thousands of keys this requires are held in a cluster of tamper-resistant physical key stores, Hardware Security Modules (HSMs).
This means that even an attacker who gains physical access to the servers cannot decipher a meaningful set of data without access to not just one but a whole set of keys, which are stored only in the HSMs and never leave those units. Any physical tampering with an HSM triggers the automatic zeroisation of all keys stored in it (tamper-responsive devices).
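The per-entity encryption with HSM-held keys described above, shown as an added example in Go. This is not Altoo's code: the page does not disclose its algorithms or its HSM interface, so the HSM is modelled as an object whose key-encryption key (KEK) never leaves it and that only wraps and unwraps per-entity data-encryption keys (DEKs). AES-256-GCM, binding the entity ID into each wrap as associated data, and the zeroise-on-tamper behaviour are assumptions made for this illustration, as is the sample record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) (cipher.AEAD, error) { // AES-256-GCM for a 32-byte key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with a random nonce prepended; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(g.NonceSize())
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// hsm stands in for a hardware security module (assumption: a simplified model,
// not a real device and not Altoo's setup). The KEK never leaves the struct and
// only wraps/unwraps per-entity DEKs; the entity ID is bound in as associated
// data, so a wrapped DEK copied into another entity's record will not unwrap.
type hsm struct{ kek []byte }

func newHSM() *hsm { return &hsm{kek: randomBytes(32)} }

// Tamper models the tamper response: key material is zeroised and discarded,
// after which every wrap and unwrap fails (aes.NewCipher rejects the empty key).
func (h *hsm) Tamper() {
	for i := range h.kek {
		h.kek[i] = 0
	}
	h.kek = nil
}

func (h *hsm) WrapDEK(entityID string, dek []byte) ([]byte, error) { return seal(h.kek, dek, []byte(entityID)) }

func (h *hsm) UnwrapDEK(entityID string, wrapped []byte) ([]byte, error) { return open(h.kek, wrapped, []byte(entityID)) }

// record is what gets persisted: ciphertext plus the wrapped DEK, never a plaintext key.
type record struct {
	EntityID   string
	WrappedDEK []byte
	Ciphertext []byte
}

func encryptForEntity(h *hsm, entityID string, plaintext []byte) (record, error) {
	dek := randomBytes(32) // a fresh DEK for this entity
	wrapped, err := h.WrapDEK(entityID, dek)
	if err != nil {
		return record{}, err
	}
	ct, err := seal(dek, plaintext, []byte(entityID))
	return record{entityID, wrapped, ct}, err
}

func decryptForEntity(h *hsm, r record) ([]byte, error) {
	dek, err := h.UnwrapDEK(r.EntityID, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, r.Ciphertext, []byte(r.EntityID))
}

func main() {
	h := newHSM()
	r, _ := encryptForEntity(h, "client-0001", []byte("portfolio: CHF 1.2M")) // constructed sample
	pt, err := decryptForEntity(h, r)
	h.Tamper() // from here on nothing persisted can be decrypted any more
	_, afterTamper := decryptForEntity(h, r)
	fmt.Println(string(pt), err, "| after tamper:", afterTamper)
}
```

What the model makes visible: a copy of the persisted records gives an attacker only ciphertexts and wrapped DEKs, none of which can be opened without the KEK that stays inside the HSM; re-filing a stolen record under a different entity ID fails because the entity ID is part of the authenticated data; and once the HSM has zeroised its KEK, neither existing records nor new ones can be processed. A real deployment would keep a cluster of HSMs with a backed-up KEK for availability, as the text notes, which this single-object model leaves out.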
An outer firewall protects all of our infrastructure from malicious traffic from the internet. The DMZ (demilitarized zone) behind that outer firewall hosts inspecting proxies for the various services, so that there is no direct traffic from the internet to the internal infrastructure. Worth particular mention are our security gateways, which terminate TLS (SSL) and are responsible for authenticating and inspecting all of Altoo's platform traffic.
An inner firewall from a different vendor separates the DMZ from all internal infrastructure, so that a single vendor's vulnerability cannot defeat both layers. Many of the segments within the internal infrastructure can also only communicate with each other through this inner firewall, which blocks a great deal of unwanted traffic between internal tools.
Naturally, all traffic carrying sensitive customer data ("data in motion") is encrypted.
Altoo's platform includes its own Identity Provider based on the OpenID Connect standard. This specialized component is responsible for authenticating every session with Altoo's platform. It currently uses multi-factor authentication: a client certificate, a password, and a secret held on an independent device (Altoo's mobile app, as is common in 2FA solutions).
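The page does not say which algorithm the app-held secret uses. The following added example (not Altoo's code) assumes a TOTP second factor as specified in RFC 6238, which is what "commonly used 2FA solutions" typically means, and shows the server-side check a security engineer would want: constant-time comparison, a small clock-skew window, and a record of the last accepted time step so that an intercepted code cannot be replayed within that window. The secret is the RFC 6238 reference test value, not a real one, and the verifier struct is an assumption for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const totpStep = 30 // seconds per time step (RFC 6238 default)

// hotp is RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, 6 digits.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// totpCounter maps a point in time to the RFC 6238 time-step counter.
func totpCounter(at time.Time) uint64 { return uint64(at.Unix() / totpStep) }

// totpAt is what the device (here: the mobile app) would display at time at.
func totpAt(secret []byte, at time.Time) string { return hotp(secret, totpCounter(at)) }

// totpVerifier is the server side for one user. It tolerates `window` steps of
// clock skew in either direction and remembers the last counter it accepted,
// so a code that has already been used cannot be replayed inside the window.
type totpVerifier struct {
	secret      []byte
	window      int64
	lastCounter uint64
}

func (v *totpVerifier) Verify(code string, now time.Time) bool {
	base := int64(totpCounter(now))
	for d := -v.window; d <= v.window; d++ {
		if base+d < 0 {
			continue
		}
		cand := uint64(base + d)
		if cand <= v.lastCounter { // already consumed, or older than one that was
			continue
		}
		if subtle.ConstantTimeCompare([]byte(hotp(v.secret, cand)), []byte(code)) == 1 {
			v.lastCounter = cand
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 reference test secret, not a real one
	v := &totpVerifier{secret: secret, window: 1}
	at := time.Unix(59, 0)
	code := totpAt(secret, at) // "287082", the RFC 6238 SHA-1 vector for T=59 truncated to 6 digits
	fmt.Println("code:", code, "first use:", v.Verify(code, at), "replay:", v.Verify(code, at))
}
```

The replay check is the part most home-grown implementations omit: without `lastCounter`, a code captured by a phishing page stays valid for the whole skew window (here 90 seconds) and can be submitted a second time by the attacker. Note that the device secret is only one of the three factors listed above; the client certificate and password are checked separately, and a TOTP match on its own must never complete the login.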
Given an identity, the platform then checks each interaction against the assigned role, the ownership of the data and the context of the interaction before authorizing data access. This authorization logic is kept separate from the general business logic, which further improves its consistency and reliability.
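An added example of such a separated authorization layer in Go (not Altoo's code). The page names role, data ownership and interaction context as the inputs but does not define them, so the roles, the resource model and the context fields below are assumptions chosen for illustration; the need-to-know rule from earlier on the page (developers and operations staff get no client data) falls out of the deny-by-default structure rather than needing its own rule.

```go
package main

import "fmt"

// Roles, the resource model and the context fields are assumptions for this example.
type Role string

const (
	RoleClient  Role = "client"
	RoleSupport Role = "front-support"
	RoleDev     Role = "developer"
)

type Identity struct {
	Subject string // stable user ID issued by the identity provider
	Role    Role
}

type Resource struct {
	Kind  string // e.g. "portfolio"
	Owner string // subject ID of the client the data belongs to
}

type Context struct {
	MFACompleted   bool   // all authentication factors presented for this session
	SupportCaseFor string // assumption: support staff act only inside an open case for one client
}

type Decision struct {
	Allow  bool
	Reason string
}

// authorize is the single decision point. Business code never inspects roles or
// ownership itself; it asks here and acts only on Allow. Anything not explicitly
// granted is denied, so a new role (or a typo in one) gets no access by accident.
func authorize(id Identity, action string, res Resource, ctx Context) Decision {
	if !ctx.MFACompleted {
		return Decision{false, "session has not completed all authentication factors"}
	}
	switch id.Role {
	case RoleClient:
		if res.Owner != id.Subject {
			return Decision{false, "client is not the owner of this " + res.Kind}
		}
		if action == "read" || action == "write" {
			return Decision{true, "owner access"}
		}
	case RoleSupport:
		if action == "read" && ctx.SupportCaseFor != "" && ctx.SupportCaseFor == res.Owner {
			return Decision{true, "read within the open support case for this client"}
		}
		return Decision{false, "support may only read data of the client in the open case"}
	}
	return Decision{false, fmt.Sprintf("no rule grants %s on %s to role %q", action, res.Kind, id.Role)}
}

// readPortfolio is a business operation; it delegates the access decision entirely.
func readPortfolio(store map[string]string, id Identity, owner string, ctx Context) (string, error) {
	res := Resource{Kind: "portfolio", Owner: owner}
	if d := authorize(id, "read", res, ctx); !d.Allow {
		return "", fmt.Errorf("denied: %s", d.Reason)
	}
	return store[owner], nil
}

func main() {
	// constructed sample data keyed by the owner's subject ID
	store := map[string]string{"c-1": "portfolio of client 1", "c-2": "portfolio of client 2"}
	mfa := Context{MFACompleted: true}
	fmt.Println(readPortfolio(store, Identity{"c-1", RoleClient}, "c-1", mfa))                  // allowed
	fmt.Println(readPortfolio(store, Identity{"c-1", RoleClient}, "c-2", mfa))                  // not the owner
	fmt.Println(readPortfolio(store, Identity{"s-9", RoleSupport}, "c-2", Context{true, "c-2"})) // allowed in case
	fmt.Println(readPortfolio(store, Identity{"d-3", RoleDev}, "c-1", mfa))                     // no rule: denied
}
```

Keeping every rule in `authorize` is what makes the "consistency and reliability" claim above testable: the decision table can be unit-tested on its own, audited in one place, and changed without touching the business operations that call it.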
Naturally, we also use various security software products to scan our network traffic and specifically our email, and to protect our servers and endpoints.
For more on the detailed technical aspects (e.g. firewalls, authorization logic, data encryption) please visit sec3d.altoo.io.