Enigma utilizes Amazon's top-tier secure cloud services.
Enigma’s DaaS (Data as a Service) solution is utilizing top-tier secure cloud services provided by Amazon Web Services (AWS).
We take our customers’ trust seriously.
Enigma is trusted by multiple Fortune 500 companies across various industries and some of the country’s largest financial institutions. Our security program is built to exceed their highest security requirements.
Data Security
Data transport
At Enigma, sensitive information is transported over the internet or other public communications only if it is encrypted in transit. Communications between customer and Enigma are encrypted using transport layer security (TLS) encryption for web communication sessions. Enigma regularly updates TLS configuration to ensure only secure encryption ciphers are in use.
Enriching customer data with Enigma's attributes is secure and easy with the console's(link:https://console.enigma.com) secure file exchange feature. Users can upload data using a common file format and securely transmit it through their web browser directly to Enigma's servers. As with other communications, this system uses HTTPS (TLSv1.2+) to ensure the contents are encrypted in transit. Additionally, all files are subject to a scan for malware and viruses. Once on Enigma servers, the data is stored in our SOC 2-compliant production environment with a defense-in-depth strategy including strict access logs and regular audits of all relevant infrastructure.
Encryption-at-rest
All Enigma server storage is encrypted-at-rest, including any metadata, application data and virtual disks the Enigma servers at AWS use to operate.
People
All Enigma employees undergo background checks upon hiring and participate in our security training program.
Security training program
At Enigma, we incorporate security not just as a core feature of our technology, but also as a cornerstone of our company culture. All Engima employees receive security training upon hire and regularly thereafter. Employees have easy access to communication with security to handle any security questions or concerns as they arise.
Software Security
Pen-tests
Enigma’s SaaS applications undergo routine annual penetration tests by third-party security firms. Enigma’s underlying infrastructure is augmented by Amazon AWS’s own independent compliance and security testing, and 24/7 monitoring of security-related events by dedicated teams.
Monitoring & auditing
Enigma has an extensive ongoing security and monitoring in place for its hosted application, including ongoing vulnerability scanning and Intrusion Detection System monitoring of the hosted environment.
Enigma’s security team is alerted to the presence of any anomalies when accessing internal infrastructure, such as including identification of suspicious signs such as failed login attempts, logins from unknown and off-premise IP addresses or logins during off-hours.
Enigma's Responsibilities
- Safeguard your data once you upload it to Enigma
- Ensure up-to-date encryption ciphers are used to protect customer data
- Scan and test our web application and infrastructure for vulnerabilities and resolve any issues
- Make sure our service is operating properly
- Keep up with industry best practices regarding security
- Inform you of any security incidents that might affect your organization
Customer's Responsibilities
- Keeping Enigma API keys and credentials safe and not sharing them
- Making sure devices you use Enigma with are up-to-date, safe to use and free of malware, etc
- Training your staff on cybersecurity awareness and best practices
- Inform Enigma of any security incidents, issues or concerns related to using Enigma
Reporting security incidents
If you suspect a security issue or anyone in your organization's Enigma account may have been compromised, please contact Enigma support at security@enigma.com.
If you are a security researcher who has potentially discovered a security weakness or vulnerability in Enigma's systems, please send an email to security@enigma.com with information and we will provide information on secure responsible disclosure.
Also feel free to e-mail us if you have any questions.