Enterprise data security
Osmos comes with security, reliability, and permissioning built in. Fully SOC II Type 2, HIPAA, GDPR, and CCPA compliant with authentication and credentials fully managed by Osmos.
The highest standards for security and privacy
At Osmos, security and privacy are top priorities. We ensure security in every step of our product development and implementation processes as well as with our employee protocol.
Have a security question? Contact us anytime at firstname.lastname@example.org
Our Commitment to Security
All data, both in transit and at rest, is encrypted utilizing the 256 key bit Advanced Encryption Standard (AES).
Osmos customers own their data, and we commit to keeping customer data strictly confidential. Data stored or accessed by Osmos is only stored/accessed for the purposes of providing services Osmos is contracted to provide.
Osmos utilizes Google Cloud Platform as its web security and web application firewall provider, Osmos benefits from GCP data centers and a network architected to protect your information, identities, applications, and devices.
Our infrastructure is developed primarily in the Rust Programming Language. This provides memory safety (like Java) while providing the performance of C/C++. High-risk data transformations are done inside Web Assembly sandboxes to provide additional security.
Application Password Policy
Passwords are stored with the user identity in the control database. All passwords are stored as salted BCrypt hashes in accordance with OWASP’s recommendation for keyed functions. Customers also have the option of utilizing SSO via SAML.
User access to the application is always via HTTPS, where we support TLS v1.2 or above. All access to our infrastructure is via HTTPS or SSH with key based two factor authentication