
Governance
Proxify’s Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.
Our policies are based on the following foundational principles:
01
Access is granted only to individuals with a clear business justification, and permissions should be scoped to the minimum required to perform their role.
02
Security controls are designed as overlapping layers, so no single safeguard is relied on as the sole line of defense.
03
Controls are enforced uniformly across the organization, rather than applied selectively or inconsistently.
04
Controls are improved on an ongoing basis to increase effectiveness and reduce operational friction over time.
Data Protection
At Proxify, data privacy is a first-class priority: we strive to be trustworthy stewards of all sensitive data.
Data at rest
All customer data repositories, including S3 buckets, are encrypted at rest. Highly sensitive tables and collections additionally employ row-level encryption.
As a result, the most sensitive data is encrypted before it is written to the database, ensuring that neither physical access nor database-level access alone is sufficient to view it.
Data in transit
Proxify enforces TLS 1.2 or higher for all data transmitted across potentially untrusted networks. Additional protections, including HSTS (HTTP Strict Transport Security), are used to further safeguard data in transit. TLS certificates and server keys are managed by AWS and implemented through Application Load Balancers.
Secret management
Encryption keys are centrally managed using AWS Key Management Service (KMS). KMS protects key material within Hardware Security Modules (HSMs), ensuring that no individuals—including Amazon or Proxify personnel—can directly access the keys. All encryption and decryption operations are performed through Amazon KMS APIs using keys secured in these HSMs.
Corporate Precautions
Vulnerability Scanning
Proxify requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
01
Access should be restricted to individuals with a valid business purpose and provisioned in accordance with the principle of least privilege.
02
Security controls should be deployed in multiple layers, consistent with the principle of defense in depth.
03
Periodic network vulnerability scanning.
04
Dependency scanning to detect and block malicious packages from entering our software supply chain.
05
Dynamic application security testing (DAST) of live applications.
06
Continuous external attack surface management (EASM) to identify newly exposed external assets.
Enterprise Security
Endpoint protection
All corporate devices are provisioned with mobile device management and anti-malware tools. Endpoint security is monitored continuously, 24/7/365. MDM is used to enforce secure endpoint configurations, including disk encryption, screen lock policies, and timely software updates.
Secure remote access
Proxify protects remote access to internal systems through AWS’s VPN solution. In addition, malware-filtering DNS services are used to safeguard employees and their devices during internet access.
Security training
Proxify delivers comprehensive security training to all employees at onboarding and on an annual basis through structured learning modules. All new hires also participate in a required live onboarding session covering core security principles, and all new engineers attend an additional mandatory live session focused on secure coding practices. The Proxify security team regularly distributes threat briefings to keep employees informed of security and safety updates that require heightened awareness or action.
Identity and access management
Proxify relies on AWS for identity and access management and enforces phishing-resistant authentication methods, using Cognito wherever feasible.
Employee access to applications is role-based and automatically revoked upon termination. Any additional access requires approval in accordance with each application’s defined policies.
Vendor Scanning
Proxify uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:
01
Production environment integration
02
Potential brand damage
03
Customer and corporate data access
Responsible Disclosure
Looking to report a security concern?