Entegral is a SaaS company that takes API security very seriously as it is at the heart of our business and supports all that we do.
Here is a brief overview of how we ensure secure and reliable service to our customers.
Security During Development
Entegral has implemented industry-leading practices to ensure that our services are secure, and your data is protected at all points within our platform.
Authentication
Authentication is performed by the AuthN servers of industry-leader Okta to generate tokens with a short-lived TTL and strict adherence to the OAuth 2.0 protocol
Authorization
We define and enforce access controls to ensure that only authorized users or systems can access specific API resources and data
Token Management
We have a system and processes in place to manage and revoke tokens, especially in the case of lost or compromised access credentials
Adopting best practices allows us to ensure the integrity of our platform and your data while preventing malicious actors from exploiting the system.
HTTPS/TLS Encryption
We ensure the security, integrity, and availability of data throughout our platform by leveraging TLS across our connections
Input Validation
We validate and sanitize input data to prevent injection attacks, such as SQL injection or cross-site scripting (XSS)
Secure File Uploads
APIs which involve file uploads implement proper validation, file type checks, and storage security to prevent malicious uploads
Error Handling
We provide minimal error information in API responses to avoid exposing sensitive details that could be exploited by attackers
API Versioning
We implement versioning to allow for updates to our APIs without disrupting existing users, minimizing security risks associated with deprecated versions
Governance & Compliance
Data Privacy
We adhere to all data protection regulations and ensure that sensitive information is handled securely, with appropriate encryption and storage practices
Compliance
Our GRC team stays informed about industry-specific regulations and standards related to data security and works to ensure we maintain compliance with these requirements and align with industry best practices
Security of our Platform
Entegral’s platform runs on the Google Cloud Platform and workloads run on Google’s best-in-class managed Kubernetes Engine.
Control plane security
Node security
Network security
Securing our workloads
API Monitoring & Testing
With robust tooling and regular third-party assessments and penetration tests, we can ensure that our APIs are free from vulnerabilities that present significant risks to the organization and our customers.
Security Testing
We have implemented SAST, DAST, dependency scanning, and secrets scanning to ensure our APIs do not expose us to unnecessary risk
Security Assessments
We regularly conduct third-party security assessments, and teams conduct code reviews to identify and address vulnerabilities
Rate Limiting
We implement rate-limiting mechanisms to prevent abuse, DDoS attacks, or other abusive behavior
Audit Trails & Logging
We keep detailed logs of API activities for auditing & monitoring, aiding in identifying and responding to security incidents
Operations & API Security
Entegral has put in a lot of work to ensure that we deliver resilient API services to our customers.
This means that they are designed to withstand and recover from unexpected disruptions, such as network failures, power outages, or cyber attacks. In the event of a catastrophic event, we have plans and processes in place to recover quickly with minimal disruption to our customers.
Incident Response Plan
We have a company-wide process to efficiently identify, address, and mitigate security incidents
Business Continuity Plan
We have a plan in place to ensure that we can quickly recover in the event of an outage or disaster
Employee Training
We educate developers about secure coding practices and the importance of API security
