Military Grade Security
KruptoConnect delivers a quality solution while maintaining the confidentiality, integrity, availability and privacy of sensitive data that’s critical to your business and ours.
We have implemented and maintain a host-based intrusion detection system and network-based intrusion detection system designed to alert us in the event of suspicious activity.
We use HTTPS/TLS with AES-256 encryption to secure connections between browsers, mobile apps, and other components to KruptoConnect and as also add up additional layer of AES-256 encryption on the Socket connection to our platform. There is dual layer of Cryptography which we use to secure the communication.
The data transmission or data exchange between KruptoConnect and the third party that is authorized by the client to receive the data, happens using the top secure file transfer methods such as TLS, SFTP, HTTPS etc
We encrypt call recordings by default. KruptoConnect generates customer specific per recording encryption key used to secure each call recordings. Chat sessions are encrypted in transit.
We use industry standard methods to support encryption. We use a minimum of RSA 2048 bits for asymmetric key encryption. For symmetric key encryption, we use AES 128 bits. For hashing, we use SHA1 and SHA2.
User Access Control
Your User Access (Managed by Us)
KruptoConnect is a managed service. Our responsibilities include, but are not limited to, managing the entire application, creating the users, extensions, and assigning respective access control. The other roles like defining the usernames, creating the passwords with setting minimum length, degree of complexity, a time frame for expiration and defining user roles etc. are defined by the clients.
Our User Access
- User accounts are requested and authorized by our management.
- User accounts follow the concept of least privilege.
- Dormant or unused accounts are disabled after 90 days of non-use.
- Session time-outs are systematically enforced.
- User accounts are promptly disabled upon employee termination or role transfer, eliminating a valid business need for access.
Security Awareness and Training
Policies And Procedures
Business Continuity and Disaster Recovery
KruptoConnect utilizes AWS services to provide highly available environments, including, but not limited to, the following:
- Availability Zones (AZs) which consist of one or more discrete data centers, each with redundant power, networking and connectivity, and housed in separate facilities;
- Auto Scaling Groups (ASGs) to dynamically scale clusters based on demand and automatically launch replacement instances in the event of a failure.
- AWS Elastic Load Balancers (ELBs) to route internal and external traffic to healthy infrastructure and automatically reroute traffic away from unhealthy infrastructure;
- Durable message queueing systems that support request queuing and point-to-multipoint notifications. Message queues allow us to both load-balance requests/events and handle load bursts without data loss; and
- Amazon Simple Storage Service (S3) is an object storage service that is used to store data that can be retrieved at any time and from anywhere from the web. Objects are stored redundantly on multiple locations across the globe.