Security
Customers trust Infinity to protect their data. That trust requires a service that is highly available and secure. As an Infinity customer, you benefit from a service designed, built, maintained, and monitored to meet rigorous security, compliance, and privacy requirements.
Built For The Cloud
Infinity is offered as a fully managed cloud service - 100% born and built in the cloud. Currently, all of Infinity's services are run and hosted in Amazon Web Services (AWS), hence our security policies follow AWS best practices and leverage the underlying security policies of AWS. Infinity does not operate any physical hosting facilities or physical computer hardware of its own.
Security Features
Infinity offers enterprise-level security features designed to protect and secure customer data.
IP Allowlist
IP Allowlist restricts access to only a specified set of IP addresses, so only calls made to the Infinity service originating from a specified IP address will be accepted.
Role Based Access Control (RBAC)
Infinity enforces least privileged access through custom roles that can be scoped to the resource level and to specific actions, giving users only the level of access they need at that time.
Single Sign On
Infinity has integrations with SSO providers like Okta, OneLogin, JumpCloud and Microsoft Azure Active Directory to enforce strong user authentication to Infinity.
Multi-Factor Authentication
Infinity has native support for strong multi-factor authentication including TOTP.
Transformed Content
Transformed content and extracted semantic metadata is stored and queried via SQL in Infinity. The service provides you extra security by limiting the exposure of the underlying data to authorized users.
Data Masking
PII (personally identifiable information) or PHI (protected health information) fields can be transformed at ingest with a one-way crypto hash function so that Infinity only stores the hashed values and not the original PII/PHI fields.
Audit Logging
Infinity maintains comprehensive, searchable, and exportable audit logs of all security-related events including authentication, permissions changes, CRUD operations, assumptions of privileges, and more.
Data Encryption
Data Encryption in Flight
Data in flight from customers to Infinity and from Infinity back to customers is encrypted through TLS 1.2 certificates with HSTS and controlled by network policies. Certificates are created and managed by AWS Certificate Manager. An AWS application load balancer terminates TLS connections at our API endpoint. We secure internal communication using AWS VPC functionality.
Data Encryption at Rest
Data is encrypted at rest throughout all of Infinity's services using encryption keys that are managed by AWS Key Management Service (KMS) and are never exposed to anyone, including to Infinity service.
Vulnerability Management
Penetration Testing
Infinity employs a third party security firm to perform Security, Vulnerability, and Penetration testing across our platform. These are run at least annually and findings are remediated according to their criticality and prioritization.
Vulnerability Disclosure Program
Infinity is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Infinity partners with HackerOne in order to continuously improve our security posture.
Compliance & Privacy
SOC 2 Type II
Infinity certifies its systems annually to AICPA SOC 2 Type II, successfully auditing the operational and security processes of our service. Infinity's SOC 2 Type 2 report is available upon request.
CCPA
The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Infinity is committed to supporting its customers in their CCPA compliance efforts.
GDPR
The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals rights with regard to their data. Infinity provides customers the necessary capabilities for building GDPR compliance.