Security at Qohash
Data security is at the heart of Qohash’s mission: our customers trust us with their most sensitive information. We build security into every part of our business so you can rest assured that your data is safeguarded.
Compliance Program
We obtain industry-accepted attestations to give you assurance that our practices are best in class. We are currently in the process of obtaining an ISO/IEC 27001 certification.
SOC 2 Type 2
SOC 2 is an audit report from the AICPA that focuses on controls relevant to security, availability, and confidentiality at a service organization.
Available upon request – ask our sales team for details.
Â
SOC 3
SOC 3 is a general use audit report that focuses on controls relevant to security, availability, and confidentiality at a service organization.
Security, availability and confidentiality services.
Â
Security by Design
The best security tools offer a standard set of essential features that are non-negotiable. Our commitment to secure defaults means that all the following features are included at no extra cost.
Bring Your Own Encryption (BYOK)
Qostodian tracks data, not files. Data is identified by its hash, and none of it leaves your premises without being encrypted using keys that only you control.
Tenant Isolation
Your data and resources are completely separated from other customers in every data store. We prioritize strong isolation to ensure the protection of your data, reducing any risk of unauthorized access or disruption from other tenants.
Single Sign-On (SSO)
Every tier includes SSO access, allowing users to log in using their existing corporate identity. Multi-factor authentication (MFA) is always enforced.
Role-Based Access Control (RBAC)
RBAC allows access levels to be based on specific roles, ensuring users have the appropriate permissions for their responsibilities. Qostodian also offers the ability to create custom roles, helping you to align with the principle of least privilege.
Directory Integration with Automatic Synchronization
Qostodian simplifies user management by integrating with Azure Active Directory (AD). User identities are synchronized, reducing the administrative burden of removing inactive users.
IP Whitelisting
Access to each tenant on the platform is always restricted to a list of known IP addresses, helping you to reduce your attack surface and prevent unauthorized access.
Audit Trails
Comprehensive activity logs capture sensor management, administrative, and platform configuration changes. By default, these logs are protected against deletion to ensure non-repudiation. You can easily retrieve audited events from a GraphQL API for integration with your log management tools.
Â
Strong Security For Peace of Mind
Qohash believes that strong security starts with its own practices. We have implemented a standards-based security framework that encompasses every aspect of our operations, from development to deployment and ongoing maintenance. Our commitment to security is reflected in our continuous investment in industry-leading practices, robust processes, and regular training for our team to ensure that we stay ahead of the evolving threat landscape.
Qohash prioritizes resilience as a core value, fostering a culture of awareness, responsibility, and vigilance among all team members. We promote security best practices and ensure that security considerations are embedded in every aspect of our operations.
We follow a robust DevSecOps approach, integrating security practices into the entire software development lifecycle. This enables us to identify and address security vulnerabilities early on, reducing the risk of potential threats and ensuring the security of our product.
To ensure the effectiveness of our security measures, we engage in regular external verification processes. We collaborate with independent security auditors and experts who evaluate our systems, processes, and controls to validate the security of the platform.
Qohash is committed to a process of continual improvement to enhance the security of our products and maintain a proactive stance against emerging threats. We regularly assess our security practices, conduct risk assessments, and stay up to date with the latest security trends to ensure that our customers’ data and systems remain protected.
Responsible Disclosure Statement
We appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Qohash systems, please email [email protected]. It is important to note that any unauthorized testing, including attempts to degrade or intentionally harm the Qohash service, is strictly prohibited. Such actions will not be tolerated, and we reserve the right to take legal action against individuals engaged in such activities.
To support a timely and effective response to your report, please include any of the following:
- Steps to reproduce or proof-of-concept
- The name of any relevant tools, including versions used
- The output of tools used
