Platform Security

Infrastructure Security

Modzy was built to be run On-Premise or Air-gapped to meet the most stringent security and compliance requirements. Alternatively, get started quickly in the Cloud (AWS, Azure and with our pre-made Terraform Templates built to comply with moderate-level controls found within NIST 800-53.

Application Security

Encryption In Transit

All traffic coming into Modzy is encrypted using TLS 1.2 or higher. Each customer is able to use their own domain and a TLS certificate issued by their preferred Certificate Authority.

Encryption At Rest

Modzy encourages the use of encrypted volumes, object stores, and databases. Our Terraform Templates set up encryption at rest by default for all data storage locations. Sensitive data submitted to Modzy will be just-in-time encrypted before storage and can only be decrypted by the services that require the ability to read it. This ensures that even if your encrypted storage has unauthorized access that your data will remain safe.

Role-Based Access Control

• All privileged access to Modzy user interfaces and APIs is governed by role-based access control
• Single-Sign On (SSO) compatibility for User Interface Access
• User-interactive access integrates with your existing SAML2.0-based SSO identity provider

API Key Security

Programmatic access to the Modzy API uses a Modzy-issued API Key. All Modzy-issued API Keys are assigned to a person for auditing and accountability. Modzy-issued API Keys are viewable in their full plaintext form exactly once on issue, afterward half the key is permanently one-way encrypted to prevent future access. The unencrypted portion of the key is used to identify which key was used to perform every action against the Modzy API.

Software Security

All Modzy software is delivered via OCI-compliant containers that are verified to be free of Critical and High CVEs.