Sistava

Network Security

Zero Trust and Network Isolation

Zero Trust Access

We follow zero-trust principles: no user, device, or service is trusted simply because of where it sits on the network. Every request is authenticated and authorized on its own merits, and being inside our network grants nothing by itself. Multi-factor authentication is enforced for all administrative access, role-based access control governs every action, and tenant identity is re-verified by middleware on every single request. Access is granted on a least-privilege basis and validated continuously, not once at login.

Private Network Isolation

Our services run inside a private cloud network rather than on the open internet. Components are placed in segmented internal networks, and only the handful of services that must be publicly reachable are exposed at all. Traffic between internal services flows over the cluster network under default-deny policies, so each component can talk only to what it is explicitly permitted to reach. Internal communication is encrypted, and a lateral move from one compromised component to the rest of the platform is contained by design.

Edge Protection

Before traffic reaches the application it passes through an edge security layer that absorbs volumetric attacks and applies rate limiting and automated bad-actor filtering. The details of our edge and denial-of-service protection are documented on our Infrastructure page.

What this means for customers