Ambassify maintains a secure operating environment through strict separation of systems, continuous monitoring, and proactive vulnerability management. Our infrastructure is designed to detect, prevent, and respond to threats before they affect your data.

Environment Separation

Production systems are isolated from all other environments to protect live data.

  • Strict Separation: Production, staging, and development environments are fully separated from one another.
  • No Production Data in Testing: Production data is never used in non-production environments.
  • Synthetic Test Data: Only anonymized or synthetic data is used for development and testing purposes.

Configuration Hardening

Systems are locked down to reduce the attack surface and eliminate unnecessary risk.

  • Hardening Standards: All systems are configured following established security hardening standards.
  • No Default Credentials: Default credentials and unnecessary services are removed before deployment.
  • Single-Function Containers: Each container serves a single function to minimize its attack surface.

Malware Protection

Devices and cloud infrastructure are protected against malicious software and unauthorized changes.

  • Endpoint Protection: All company devices run endpoint protection software.
  • Cloud Monitoring: Cloud infrastructure is continuously monitored for threats and anomalies.
  • Regular Patching: Systems are updated and patched regularly to address known vulnerabilities.

Logging and Monitoring

Comprehensive logging provides visibility into system activity and supports incident investigation.

  • Centralized Logging: All security-relevant events are collected in a centralized logging system.
  • Detailed Records: Logs capture user actions, access attempts, and configuration changes.
  • 30-Day Retention: Logs are retained for a minimum of 30 days.
  • Tamper-Proof Storage: Logs are stored in tamper-proof storage to preserve their integrity.
  • No Sensitive Data in Logs: Log entries never contain sensitive data or request payloads.

Vulnerability Management

Proactive scanning and clear remediation timelines keep our systems protected against known threats.

  • Quarterly Scans: Public-facing systems undergo vulnerability scans every quarter.
  • Annual Penetration Testing: An independent external party conducts a penetration test at least once per year.
  • Remediation Timelines: Identified vulnerabilities are addressed within a timeline based on severity:
    • Critical: 15 days
    • High: 30 days
    • Medium: 60 days
    • Low: 90 days

Network Security

Network-level controls restrict traffic and prevent unauthorized communication between systems.

  • Network Segmentation: Systems are segmented with access controls to limit lateral movement.
  • Firewall Reviews: Firewall rules are reviewed regularly to ensure they remain appropriate.
  • Anti-Spoofing: Anti-spoofing measures are enabled to prevent forged network traffic.
  • Session Timeout: Network sessions are terminated automatically after a period of inactivity.

Physical Security

Ambassify is a fully remote company. All infrastructure is hosted on Amazon Web Services (AWS).

  • AWS-Managed Facilities: Physical security of data centers is managed entirely by AWS.
  • Certified Data Centers: AWS data centers hold industry-leading certifications including SOC 2 and ISO 27001.
  • More Information: For details on AWS physical security controls, see the AWS physical security documentation.