Security

Security is our top priority. Before building a slick user interface and advanced workflow tools, we made sure to bake security into our platform. Data is encrypted, storage is secure, and access is strictly controlled.

Our engineers have PhDs from prominent research institutions and work experience from leading Silicon Valley software companies. Our engineers have built cutting-edge software for the CIA, FBI and top financial institutions.

A few of our industry-leading security features are outlined below. Please don’t hesitate to contact our team if you’d like to learn more.

 

Infrastructure

Encryption

All data transmitted to the Anduin system from clients is encrypted using HTTPS and  SSL. Our user data and critical infrastructure configurations are encrypted using an industry leading algorithm. All encryption keys are protected by a key management system built on Amazon Web Services -- strong logic and physical security controls are present at each location to prevent unauthorized access. 

Enterprise network security

Anduin servers are protected behind a firewall to control both internal and external traffic. We use virtual networks to isolate and protect our systems. 

Internal data access

Anduin employees follow industry best practice with defined procedures and controls to limit access to customer data. Our employees do not have direct access to customer data. We sanitize documents, anonymize and remove identifying information to protect customer privacy.  

Monitoring, alert and response

Anduin’s IT team maintains up-to-date operating systems across our network. Verified security patches are deployed as they’re released. We continuously monitor for both malicious and accidental incidents.

Backups and disaster recovery

User data and files are backed up throughout the day and federated across our secure data centers. Automatic recovery systems are in place to ensure continuous use should something go awry.

Email security

Anduin uses industry-standard encryption for SMTP communication channels through Transport Layer Security (TLS). We enforce the legitimacy of the TLS certificates for email exchange.

 

Application security

Audit logs

All actions in the system are logged in an immutable audit trail accessible to system administrators. Anduin provides a suite of tools to search, filter, and report on these actions.

User authentication and authorization

Anduin enforces a strong password policy paired with industry standard JSON Web Token (JWT) user authentication. Sessions are automatically timed out to inhibit unauthorized access.

We implemented industry standards for Single sign-on, OAuth, and two-factor authentication.

Team security

Anduin’s robust permission and user management system gives our customers complete control to easily grant and remove user access to a particular deal.