Rapyd Security
From day one Rapyd has embedded security into every aspect of our business.
Security is fundamental to how we develop our product and applications, our infrastructure, data storage, and even corporate operations such as employee onboarding & life cycle, data retention & access, and more.
Our top priorities include protecting sensitive individual and company data and developing products and services that meet and exceed security, privacy, and regulatory requirements and best practices. Below is an outline of the many components of Rapyd’s strict security measures. For questions or additional information, contact our security team at cyber@rapyd.net.
This section delves into Rapyd’s Information Security Policy and its governance model. The company security policy defines the principles, rules, and guidelines for securing data, infrastructure, and operations. The governance model outlines the roles and responsibilities of individuals involved in security decision-making and enforcement.
Rapyd’s cloud-based platform infrastructure is stored in the AWS cloud environment. All data and infrastructure are replicated to remote AWS availability zones located in the US East 1 region. In addition, Rapyd holds a data center in the AWS Europe West 1 region as a data recovery solution. To maintain the most up-to-date security measures, we frequently conduct security assessments on systems and infrastructure. Rapyd maintains a comprehensive asset inventory of our current network infrastructure, which allows us to perform daily vulnerability scans on infrastructure, applications, and APIs. Any compromised asset is remediated instantly. All endpoints are managed and covered by a leading endpoint protection platform with additional managed services. Contractors’ endpoints have additional security controls installed as a precautionary measure.
Rapyd puts great effort into protecting its products. It actively implements measures and best practices to mitigate the OWASP Top 10 risks, applies security considerations throughout the entire application lifecycle, and performs continuous risk assessments and monitoring. Rapyd utilizes threat modeling, design and code reviews, periodic penetration testing, and a bug bounty program, as well as other security measures.
Rapyd utilizes Cloud Security Posture Management (CSPM) tools to continuously monitor and assess the security posture of its cloud infrastructure. CSPM enables real-time visibility into the security configuration of cloud resources, ensuring compliance with best practices and security policies. Automated alerts and remediation capabilities assist in addressing potential misconfigurations or security gaps promptly.
Databases are managed by a dedicated team that keeps them up to date, scalable, and replicated, and access to them is granted on the need-to-know principle. Databases are replicated across AWS availability zones to ensure continuous operation of our products and services. Rapyd’s operations center monitors the databases, and in case of failure traffic is immediately routed to the backup database, making it the master. Rapyd personnel stand ready 24/7 to analyze and correct any faults.
Rapyd conducts regular and automated backups of its critical systems and databases, ensuring that data is captured at frequent intervals. The backup strategy takes into account the volume of data and the required recovery point objectives (RPOs) to ensure that data loss is minimized in the event of an incident. Backups are encrypted during transit and at rest, guaranteeing the confidentiality of the data throughout the backup process.
Rapyd defines data retention policies to govern the duration for which backup data is retained. These policies are aligned with regulatory requirements and business needs. By adhering to these policies, Rapyd avoids unnecessary storage costs while ensuring the availability of historical data when required.
Rapyd enforces strong and complex password policies and mandatory multi-factor authentication (MFA) for all connections and applications. All systems are accessed via a Single Sign-On (SSO) mechanism. Additional MFA challenges exist for access to sensitive information and infrastructure. Rapyd has strict access control processes, based on the need-to-know principle, and access to company resources is granted only from company-managed devices. The Information Security team conducts a periodic review of the access authorizations and permissions of internal and external users. Privileged accounts are managed by the IT team and are validated periodically by the Information Security team.
Data protection measures include encryption, passkey-protected access control, hardware security modules (HSM), tokenization methods, certificates, and more. For data at rest, we employ strong encryption and length standards, and for data in motion, internally and externally, we use SSL and TLS certificates from trusted providers. Rapyd has built-in processes for data classification and data retention, as a basis for access control management.
RAPYD BUG BOUNTY
For questions or additional information, please contact us:
Security: Cyber@Rapyd.net