Secure, Audited Infrastructure and Processes

Our customers depend on Amperity to unify customer data and make it usable. We recognize the extraordinary importance of this data, and our critical role in protecting it. The security, integrity, and availability of your data are our top priorities.

Amperity Risk Management Framework

Our Security Principles

Ground-Up Security

The architecture of a system and its security properties are intertwined. Security cannot be "bolted on" to a system that has already been constructed. Amperity has been designed with security as its primary concern from the very beginning. Security is a core part of Amperity’s development process, from initial architecture through deployment and operations.

Automation

Modern systems designed for large scale data processing are extraordinarily complex, requiring coordination of hundreds of machines. Effective security practice in a system of this complexity requires a mastery of change management, and the ability to respond quickly. A complex system without automation is a security incident waiting to happen. Amperity completely automates its systems, from infrastructure provisioning through code deployment. Incident response time is nearly instantaneous regardless of the nature of the issue.

Measure Everything

It is impossible to quantitatively improve something that is not measured or observed. This is particularly true in the domain of security. Attackers work hard to compromise systems and to avoid detection. A breach of an unmonitored system may go unnoticed until it’s too late. Amperity applies comprehensive measures at every layer of the stack to proactively observe anomalies and maintain security visibility across all systems, services, and resources.

People, Process, and Technology

A system’s security is only as strong as its weakest link. Thus, imbalance in focus across the spectrum of security concerns leads to failure. Each concern is necessary, but individually not sufficient. Amperity deeply respects the importance of each area of concern, and constantly works to keep them in ideal balance, ensuring that no single failure puts the security of the system in jeopardy.

People

Security training for all employees as part of onboarding, role-specific training, and ongoing awareness notifications

Criminal and civil background checks performed on all employees

Fully-integrated single sign-on authentication backed by corporate directory

End-user devices fully encrypted

Process

Fully automated management of compute, storage, network, and security infrastructure

Configuration management of operating systems, software, and cloud environment resources

Continuous Integration/Continuous Deployment (CI/CD) with automated testing and resource management

Use of cloud infrastructure providers with ISO 27001, ISO 27018, SOC 2, EU Data Privacy, HIPAA, and multiple other certifications

Fully isolated development, staging, and production environments with granular criteria for code promotion through environments

Detailed change control processes ensure all changes are logged, reviewed, approved, and implemented while conforming to stringent guidelines

Peer code reviews performed on all releases

Business continuity, disaster recovery, and incident response plans

Technology

High security database infrastructure with cell-level access controls, PII segmentation by role, and versioned immutable batches for immediate recovery

In-transit and at-rest data encryption with sharded master keys requiring multiple administrators for use (nuclear keys)

Centralized vaulting and policy management for secrets

Two-factor authentication for all administrative access with role-based security and federated identity management

Time-limited access keys for persistent access

Infrastructure defined as code

Security training for all employees as part of onboarding, role-specific training, and ongoing awareness notifications

Criminal and civil background checks performed on all employees

Fully-integrated single sign-on authentication backed by corporate directory

End-user devices fully encrypted

Fully automated management of compute, storage, network, and security infrastructure

Configuration management of operating systems, software, and cloud environment resources

Continuous Integration/Continuous Deployment (CI/CD) with automated testing and resource management

Use of cloud infrastructure providers with ISO 27001, ISO 27018, SOC 2, EU Data Privacy, HIPAA, and multiple other certifications

Fully isolated development, staging, and production environments with granular criteria for code promotion through environments

Detailed change control processes ensure all changes are logged, reviewed, approved, and implemented while conforming to stringent guidelines

Peer code reviews performed on all releases

Business continuity, disaster recovery, and incident response plans

High security database infrastructure with cell-level access controls, PII segmentation by role, and versioned immutable batches for immediate recovery

In-transit and at-rest data encryption with sharded master keys requiring multiple administrators for use (nuclear keys)

Centralized vaulting and policy management for secrets

Two-factor authentication for all administrative access with role-based security and federated identity management

Time-limited access keys for persistent access Infrastructure defined as code

Unlock Your Customer Data

Privacy Policy

By submitting this form, you agree to our terms and privacy policy. You can manage your communications preferences at any time by clicking “Unsubscribe” at the bottom of any of our emails.