SOC2 Type II Certified
Single Tenant Architecture
Each customer's Prodvana instance runs within a dedicated VPC, including a dedicated service account. Prodvana utilizes a shared data plane for non-sensitive data.
All sensitive data are securely encrypted with Google's KMS, which uses 256-bit Advanced Encryption Standard (AES-256) keys in Galois Counter Mode (GCM). The encryption key is private and unique per customer, only accessible from within the dedicated customer VPC.
Prodvana supports Single Sign-On via Auth0.
Private, Secure Communication to your cluster
For Kubernetes clusters, Prodvana installs an agent as part of runtime linking. The Prodvana Agent communicates back to the dedicated Prodvana instance over a secure connection. The Prodvana Agent is responsible for changes within the Kubernetes cluster. The source code for the agent is available on request.
Removing the Prodvana Agent removes all Prodvana access to the customer Kubernetes cluster.
Prodvana logs all actions. This audit log is available on request.
For additional questions please email [email protected]
Prodvana aims to provide a secure workflow out of the box. Here are steps you can take as our customers to further secure your infrastructure, in the unlikely event we are compromised.
Validating Your Image Names
One easy step is to validate that every image comes from your private Docker registry, and only from that registry. This prevents unknown code from running on your cluster. Several tools can enforce this, such as the Open Policy Agent.
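The check an admission policy would apply to each Pod, sketched in Python as an added example (not Prodvana's code and not an OPA policy). The registry host `registry.example.com` and the sample Pod spec are placeholders constructed for illustration.

```python
# Added example: registry allow-list check over a Pod spec.
ALLOWED_REGISTRY = "registry.example.com"  # assumption: placeholder registry host


def registry_of(image: str) -> str:
    """Return the registry host an image reference resolves to.

    Follows Docker's reference rule: the first path component is a registry
    host only if it contains '.' or ':', is 'localhost', or has uppercase
    letters; otherwise the image is pulled from docker.io.
    """
    first, slash, _ = image.partition("/")
    looks_like_host = (
        "." in first or ":" in first or first == "localhost" or first != first.lower()
    )
    return first.lower() if slash and looks_like_host else "docker.io"


def disallowed_images(pod_spec: dict, allowed: str = ALLOWED_REGISTRY) -> list:
    """List images in the Pod spec that do not come from the allowed registry.

    Init and ephemeral containers are checked too, since they also run code.
    """
    bad = []
    for field in ("containers", "initContainers", "ephemeralContainers"):
        for container in pod_spec.get(field) or []:
            image = container.get("image", "")
            # Exact host match: a prefix test would also accept
            # "registry.example.com.mirror.test/...".
            if registry_of(image) != allowed:
                bad.append(image)
    return bad


# Constructed sample Pod spec, not taken from any real cluster.
SAMPLE_POD_SPEC = {
    "initContainers": [
        {"name": "migrate", "image": "registry.example.com.mirror.test/team/migrate:2"}
    ],
    "containers": [
        {"name": "api", "image": "registry.example.com/team/api:1.4.2"},
        {"name": "sidecar", "image": "nginx:1.25"},
    ],
}

if __name__ == "__main__":
    for image in disallowed_images(SAMPLE_POD_SPEC):
        print("deny:", image)
```

Comparing the parsed registry host, rather than testing a string prefix, is what makes unqualified names such as `nginx:1.25` and lookalike hosts fail the check.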