fabric enforces strong security measures across its platform. This topic outlines key fabric security practices.

Authentication and Access Control

Access to fabric systems is controlled and monitored.
  • Authentication: All users must authenticate through secure login procedures. Multi-factor authentication is supported where applicable.
  • Access Control: Role-based access control ensures users only have access to the data and actions that are relevant to their role. Permission can be scoped by:
    • Tenant: Restricts access to a specific customer or environment
    • Module: Restricts access to specific services or features.

Data Encryption and Storage

fabric protects customer data through robust encryption practices and secure infrastructure.
  • Data at Rest:
    • Encrypted using industry-standard algorithms such as AES-256.
    • Stored in secure cloud environments with restricted access controls.
    • Backups ensure data durability and support recovery.
  • Data in Transit:
    • Secured using HTTPS and TLS 1.2 or higher.
    • Applies to all external and internal service communications.
  • Ongoing Security Monitoring:
    • Continuous monitoring is in place to detect vulnerabilities in storage and infrastructure.
    • Infrastructure and services are reviewed to maintain compliance and security standards.

Tenant Isolation

fabric enforces strict separation between tenants to ensure data integrity and privacy.
  • Each tenant’s data is isolated at all levels of the platform.
  • Access controls are implemented programmatically and enforced across services.
  • Controls are reviewed to ensure consistent tenant separation.

Monitoring, Auditing, and Incident Response

fabric actively monitors its systems to maintain platform security and ensure rapid response to potential issues.
  • Monitoring and Alerts:
    • Continuous monitoring detects unauthorized access, anomalies, and system failures.
    • Real-time alerting systems notify teams of suspicious activity.
  • Auditing:
    • All access logs and system changes are recorded and auditable.
    • Logs are retained based on internal data retention policies.
  • Incident Response:
    • Defined procedures ensure rapid triage and remediation.
    • Relevant stakeholders are notified during incidents as part of the response process.

Secure Software Development

fabric integrates security into every stage of the software development lifecycle.
  • Code Reviews:
    • All code is reviewed for security vulnerabilities before deployment.
  • CI/CD Safeguards:
    • Continuous integration and deployment (CI/CD) pipelines enforce automated build-time checks and security gates.
  • Developer Training:
    • Developers receive ongoing training in secure coding practices and industry-standard security protocols.

Regulatory Readiness and Data Governance

fabric implements data protection and privacy controls aligned with industry standards.
  • Data Protection Principles:
    • Core practices such as encryption, access control, and secure storage are enforced across the platform.
  • Governance Policies:
    • Internal policies define how customer data is collected, accessed, retained, and deleted in accordance with applicable laws and regulations.
  • Transparency and Accountability:
    • fabric maintains clear processes for data handling and supports customer compliance with regional regulations, such as privacy and data residency requirements.