fabric enforces strong security measures across its platform. This topic outlines key fabric security practices.

Authentication and Access Control

Access to fabric systems is controlled and monitored.

  • Authentication: All users must authenticate through secure login procedures. Multi-factor authentication is supported where applicable.
  • Access Control: Role-based access control ensures users only have access to the data and actions that are relevant to their role. Permission can be scoped by:
    • Tenant: Restricts access to a specific customer or environment
    • Module: Restricts access to specific services or features.

Data Encryption and Storage

fabric protects customer data through robust encryption practices and secure infrastructure.

  • Data at Rest:

    • Encrypted using industry-standard algorithms such as AES-256.
    • Stored in secure cloud environments with restricted access controls.
    • Backups ensure data durability and support recovery.

  • Data in Transit:

    • Secured using HTTPS and TLS 1.2 or higher.
    • Applies to all external and internal service communications.

  • Ongoing Security Monitoring:

    • Continuous monitoring is in place to detect vulnerabilities in storage and infrastructure.
    • Infrastructure and services are reviewed to maintain compliance and security standards.

Tenant Isolation

fabric enforces strict separation between tenants to ensure data integrity and privacy.

  • Each tenant’s data is isolated at all levels of the platform.
  • Access controls are implemented programmatically and enforced across services.
  • Controls are reviewed to ensure consistent tenant separation.

Monitoring, Auditing, and Incident Response

fabric actively monitors its systems to maintain platform security and ensure rapid response to potential issues.

  • Monitoring and Alerts:

    • Continuous monitoring detects unauthorized access, anomalies, and system failures.
    • Real-time alerting systems notify teams of suspicious activity.

  • Auditing:

    • All access logs and system changes are recorded and auditable.
    • Logs are retained based on internal data retention policies.

  • Incident Response:

    • Defined procedures ensure rapid triage and remediation.
    • Relevant stakeholders are notified during incidents as part of the response process.

Secure Software Development

fabric integrates security into every stage of the software development lifecycle.

  • Code Reviews:

    • All code is reviewed for security vulnerabilities before deployment.

  • CI/CD Safeguards:

    • Continuous integration and deployment (CI/CD) pipelines enforce automated build-time checks and security gates.

  • Developer Training:

    • Developers receive ongoing training in secure coding practices and industry-standard security protocols.

Regulatory Readiness and Data Governance

fabric implements data protection and privacy controls aligned with industry standards.

  • Data Protection Principles:

    • Core practices such as encryption, access control, and secure storage are enforced across the platform.

  • Governance Policies:

    • Internal policies define how customer data is collected, accessed, retained, and deleted in accordance with applicable laws and regulations.

  • Transparency and Accountability:

    • fabric maintains clear processes for data handling and supports customer compliance with regional regulations, such as privacy and data residency requirements.