Secure, Audited Infrastructure and Processes

Our customers depend on Amperity to unify customer data and make it usable. We recognize the extraordinary importance of this data, and our critical role in protecting it. The security, integrity, and availability of your data are our top priorities.

Our Security Principles

  • Automation
    Modern systems designed for large-scale data processing are extraordinarily complex, requiring coordination of hundreds of machines. Effective security practice in a system of this complexity requires a mastery of change management, and the ability to respond quickly. A complex system without automation is a security incident waiting to happen. Amperity has completely automated its systems from infrastructure provisioning through code deployment, so incident response time is nearly instantaneous regardless of the nature of the issue.
  • Ground-up security
    The architecture of a system and its security properties are intertwined. Security cannot be “bolted on” to a system that has already been constructed. Amperity has been designed with security as its primary concern from the very beginning. Security is a core part of Amperity’s development process, from initial architecture through deployment and operations.
  • Measure everything
    It is impossible to quantitatively improve something that is not measured or observed. This is particularly true in the domain of security. Attackers work hard to compromise systems and to avoid detection. A breach of an unmonitored system may go unnoticed until it’s too late. Amperity applies comprehensive measures at every layer of the stack to proactively observe anomalies and to keep its eyes wide open on security system-wide.
  • People, Process, and Technology
    A system’s security is only as strong as its weakest link. Thus, imbalance in focus across the spectrum of security concerns leads to failure. Each individual concern is necessary but not sufficient. Amperity deeply respects the importance of each area of concern, and constantly works to keep them in ideal balance.

Our Comprehensive Approach to Security

Technology Highlights

  • High Security Database Infrastructure
    • Encrypted database storage with cell-level access control
    • PII segmentation by role
    • Versioned immutable batches for instant recovery
  • Cryptography
    • All data encrypted in transit, all intermediate storage encrypted
    • Central policy management for secrets
    • Sharded master keys requiring multiple administrators (nuclear keys)
  • Network
    • Secure, automated network configuration
    • Segmented networks
    • Firewalls, bastion hosts, VPNs

Infrastructure Highlights

  • Fully Automated Infrastructure
    • Cloud Resources (compute, storage, network, firewall, security groups)
    • Configuration Management (OS, software, environment)
    • Deployment (CI, CD, automated testing, automatic resource management)
    • Built on infrastructure providers with ISO 27001, ISO 27018, and SOC 2 certifications
  • Change Management
    • Development, staging and multiple production environments
    • Infrastructure evolved via scripts, code reviewed and tested in multiple environments
    • All changes are logged for auditing purposes
  • Authentication & Authorization
    • Two-factor authentication for administrative access
    • Role-based security and federated identity
    • Access keys generated on behalf of user accounts are time-limited

Team Background

We have significant security expertise on our team. Some highlights from our team’s decades of experience securing systems at scale:

  • Management of Amazon’s petabyte-scale retail data warehouse
  • Securing healthcare data collected and used in 100+ countries
  • Ground-up implementations of secure DRM systems
  • Extensive experience with key management using HSMs and software-based methods
  • Cryptography experience, including code signing and verification
  • Protection of large-scale consumer data at Facebook
  • Academic research on data security and privacy
  • Centralized secret management

Security Building Blocks: People & Process

  • Security training
  • Change control process
  • Code reviews
  • Background checks
  • Rigorous monitoring
  • Single sign-on backed by corporate directory
  • Data security tiers
  • Incident response plans
  • Disaster recovery plans
  • All company devices fully encrypted
