Our customers depend on Amperity to unify customer data and make it usable. We recognize the extraordinary importance of this data, and our critical role in protecting it. The security, integrity, and availability of your data are our top priorities.
The architecture of a system and its security properties are intertwined. Security cannot be "bolted on" to a system that has already been constructed. Amperity has been designed with security as its primary concern from the very beginning. Security is a core part of Amperity’s development process, from initial architecture through deployment and operations.
Modern systems designed for large-scale data processing are extraordinarily complex, requiring coordination of hundreds of machines. Effective security practice in a system of this complexity requires a mastery of change management and the ability to respond quickly. A complex system without automation is a security incident waiting to happen. Amperity completely automates its systems, from infrastructure provisioning through code deployment. Incident response time is nearly instantaneous regardless of the nature of the issue.
It is impossible to quantitatively improve something that is not measured or observed. This is particularly true in the domain of security. Attackers work hard to compromise systems and to avoid detection. A breach of an unmonitored system may go unnoticed until it’s too late. Amperity applies comprehensive measures at every layer of the stack to proactively observe anomalies and maintain security visibility across all systems, services, and resources.
A system’s security is only as strong as its weakest link. Thus, imbalance in focus across the spectrum of security concerns leads to failure. Each concern is necessary, but individually not sufficient. Amperity deeply respects the importance of each area of concern, and constantly works to keep them in ideal balance, ensuring that no single failure puts the security of the system in jeopardy.
Security training for all employees as part of onboarding, role-specific training, and ongoing awareness notifications
Criminal and civil background checks performed on all employees
Fully integrated single sign-on authentication backed by corporate directory
Fully automated management of compute, storage, network, and security infrastructure
Configuration management of operating systems, software, and cloud environment resources
Continuous Integration/Continuous Deployment (CI/CD) with automated testing and resource management
Use of cloud infrastructure providers with ISO 27001, ISO 27018, SOC 2, EU Data Privacy, HIPAA, and multiple other certifications
Fully isolated development, staging, and production environments with granular criteria for code promotion through environments
Detailed change control processes ensure all changes are logged, reviewed, approved, and implemented while conforming to stringent guidelines
Peer code reviews performed on all releases
High-security database infrastructure with cell-level access controls, PII segmentation by role, and versioned immutable batches for immediate recovery
In-transit and at-rest data encryption with sharded master keys requiring multiple administrators for use (nuclear keys)
Centralized vaulting and policy management for secrets
Two-factor authentication for all administrative access with role-based security and federated identity management
Time-limited access keys for persistent access