SECURITY AT DAYTA
Enterprise-grade data and network protection
All communications inbound and outbound from our software are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
All information at rest in our database and data centers are encrypted with key management service that uses hardware security modules (HSMs) that have been validated under FIPS 140-2.
Web and Network Protection
Dayta monitors and mitigates potential attacks with several tools, including firewalls implemented in all layers from application to network. In addition, our infrastructure contains Distributed Denial of Service (DDoS) prevention defenses to help protect your data and access to our products.
Software Development Lifecycle (SDLC) Security
Dayta implements very strict static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.
Dayta products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.
Dayta implements automated patch management service integrated with our software development lifecycle that identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.
Audits, Vulnerability Assessment & Penetration Testing
Dayta tests for potential vulnerabilities on a recurring basis. We run static code analysis, and infrastructure vulnerability scans.
External Audit & Certification
Dayta is in progress of audit and certification process for industry standard cloud security and privacy protection with third party auditors.