As with any cloud-based application, there are always areas where both the consumer and the service provider have to manage information security responsibilities. Evervault follows the traditional SaaS model for security responsibilities: Evervault is responsible for the systems used to deliver the proposed services, and the customer is responsible for the data they choose to put through our systems and how they interact with our systems.
Securing your credentials to access our platform is a critical step in protecting your environment. We have made several options available to enhance the security of access to the platform. It is up to you to ensure these are configured. In addition to standard good security hygiene, at a minimum Evervault suggests the following security good practices for using Evervault securely:
Management Plane Access
- Implement an approval process for access and monitor account activity
- Allocate access on a least privilege basis
- Allocate credentials to individual users; do not share accounts
- Quickly amend or remove user access when no longer required
- Frequently review access
- Store and share credentials and API keys securely
- Rotate API keys when an administrator leaves
- Select robust, hard-to-guess passwords
- Enable multi-factor authentication
- Disable accounts immediately if you suspect compromise, and alert support@evervault.com for further support
Data Plane (app.evervault.com)
- Constantly review the fields that you have chosen to encrypt to ensure they are adequate
- Constantly review the chosen destination endpoints for your encrypted and decrypted data flows
- Implement a change and approval process to authorise changes to destinations and fields
- Adhere to Evervault patch advisories if SDKs are in use