Securing the future of investment management

We care about security. If you have any questions, or encounter any issues, please contact us.

  1. Our approach to security is grounded in the following eight core principles:
    1.  Risk-Based Approach: We prioritize actions based on the potential risk and impact to our organization.
    2. Least Privilege: Access is granted at the minimum level necessary for each role,  reducing the potential for unauthorized access.
    3. Defence in Depth: We implement multiple layers of security controls to protect our systems and data.
    4. Attack Surface Reduction: We proactively minimize the number of vulnerabilities that could be exploited by an attacker.
    5. Secure Identity and Access Management: We ensure that only authorized individuals have access to our systems and data.
    6. Process-Driven: Our security measures are not ad-hoc but based on well-defined, documented, and repeatable processes.
    7. Repeatable: Our security practices are designed to be consistently applied across the organization.
    8. Continuous Improvement: We regularly review and update our security practices in response to evolving threats and new learnings.
  2. Compliance certificates
    1. ISO 27001: This certification is a testament to our extensive security measures and risk management strategies. In a time where cybersecurity threats are on the rise, this certification underscores our steadfast dedication to safeguarding our company data, customer information, and other valuable assets.
    2. GDPR: We are fully compliant with the EU and UK General Data Protection Regulations (GDPR). This means we’re committed to protecting your data and upholding the highest standards of privacy. You can rest assured that your information is safe, secure, and handled with utmost care.
  3. Data protection
    1. Data at rest: All data in our databases and storage accounts are encrypted with our own customer managed keys, using AES-256 encryption
    2. Data in transit: We use TLS 1.2 or higher for all transmitted data.
    3. Secret management: Encryption keys and secrets are managed by a key Vault. It is for secure key management, providing centralized, access-controlled storage of encryption keys. It safeguards keys with Hardware Security Modules and offers audit trails for all key usage. Automated tasks like key rotation are handled, enhancing key security.
    4. Access to all data is protected by strong Role-Based Access Control, and monitored to detect any unauthorized access.
  4. Product Security
    Sesame is built with a security-first approach to development. We have adopted a DevSecOps approach, where security is integrated at every stage of the pipeline, from planning to public release. Security requirements are considered during the planning phase. The code is tested during development, reviewed before being committed, and tested again before deployment. But our security measures don’t stop when the product goes live. We actively monitor for new vulnerabilities in our libraries and application and conduct regular penetration testing to discover risks that might have been missed previously.
  5. Vulnerability scanning
    Our goal is to proactively identify vulnerabilities before the code is deployed into production and to continuously monitor for new vulnerabilities in our running applications.
    1. Static Application Security Testing (SAST): We perform continuous testing of our source code and infrastructure provisioning code prior to compilation.
    2. Dynamic Application Security Testing (DAST): We conduct periodic scans of our running applications before they are deployed into production.
    3. Cloud Security Posture Management (CSPM): We continuously scan our cloud infrastructure to identify and mitigate security risks.
    4. Cloud Workload Protection Platform (CWPP): We continuously scan our cloud workloads to identify risks such as misconfigurations and vulnerable libraries, and to detect threats.
    This comprehensive approach to vulnerability scanning underscores our commitment to maintaining the highest standards of security for our platform.
  6. Enterprise security
    We utilize a central Mobile Device Management tool, to manage all endpoints effectively. This central management ensures that critical security configurations, including encryption, malware protection, application deployment, and patching, are uniformly applied and controlled.
  7. Secure remote access
    Access to both company and customer resources is facilitated exclusively through company-issued devices, which are under continuous surveillance to ensure compliance with our stringent security requirements. Connections to cloud resources are done via Bastion and VPN.
  8. Security education
    Our employees are the cornerstone of our security program. Recognizing their vital role, we ensure they receive annual training on general security and data protection. This commitment to continuous learning underscores our dedication to maintaining the highest standards of security.
  9. Identity and access management
    At Landytech, we take security seriously. Our identity management program is designed with the utmost care to ensure that access to all company resources and customer data is strictly controlled. We adhere to the principles of ‘least privilege’, ‘need to know’, and ‘separation of duties’. This means we’re meticulous about who has access to what.
    We employ a range of robust security measures. These include phishing-resistant multi-factor authentication and single sign-on systems for both simplicity and enhanced security. Access is role-based, ensuring individuals only have the permissions they need for their specific role. Furthermore, we prioritize secure provisioning and maintenance.
  10. Network security
    Our platform is fortified by robust virtual networks, each meticulously segregated by firewalls and network security groups. We prioritize security and efficiency, maintaining separate environments for development, staging, and production. This segregation ensures isolated testing and deployment, minimising risks and enhancing performance. Our commitment to this structured approach underscores our dedication to providing secure and reliable services.
  11. Patch management
    We adhere to a rigorous patch management practice, ensuring all changes are thoroughly reviewed and tested before deployment. Our well-established patching procedure guarantees the stability and security of our systems. Leveraging Infrastructure as Code (IaC), we deploy all patches systematically and efficiently.
  12. Physical security
    We are a cloud-based company and physical security is handled by the cloud service provider.
  13. Monitoring
    We have robust monitoring of our infrastructure, with data points across identity, network, application and hardware. The logs are collected in our SIEM, and correlated for detection and response to malicious activities, bugs, and for troubleshooting.
  14. Availability
    We create products with high availability that cater to the needs of our customers, leveraging the scalability provided by our Cloud Service Provider (CSP). We are committed to maintaining our service level agreements (SLAs).
Product security

Sesame's security capabilities

Explore how Sesame gives you granular tools to protect your team and data.

image 12