Certifications

SOC2 Type II Certified

Security Features

Single Tenant Architecture

Each customer's Prodvana instance runs within a dedicated VPC, including a dedicated service account. Prodvana utilizes a shared data plane for non-sensitive data.

Secret Storage

All sensitive data are encrypted with Google's KMS, which uses 256-bit Advanced Encryption Standard (AES-256) keys in Galois/Counter Mode (GCM). The encryption key is private and unique per customer, and is accessible only from within the dedicated customer VPC.

Single Sign-On

Prodvana supports Single Sign-On via Auth0.

Private, Secure Communication to Your Cluster

For Kubernetes clusters, Prodvana installs an agent as part of runtime linking. The Prodvana Agent communicates back to the dedicated Prodvana instance over a secure connection. The Prodvana Agent is responsible for changes within the Kubernetes cluster. The source code for the agent is available on request.

Removing the Prodvana Agent removes all Prodvana access to the customer Kubernetes cluster.

Audit Log

Prodvana logs all actions. This audit log is available on request.

For additional questions please email [email protected]

Best Practices

Prodvana aims to provide a secure workflow out of the box. As a customer, you can take the following steps to further secure your infrastructure in the unlikely event that we are compromised.

Validating Your Image Names

One easy thing you can do is validate that your image came from your private Docker registry, and only your private Docker registry. This will prevent unknown code from running on your cluster. Many tools can enforce this, such as the Open Policy Agent.
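The check described above, as an added example that is not Prodvana's code: it extracts the registry host from each container image in a Kubernetes manifest and compares it exactly, since a prefix comparison would accept a lookalike host. The registry name `registry.example.com` and the sample manifest are constructed placeholders.

```python
# Added example (not Prodvana code). Registry name and manifest are constructed.
ALLOWED_REGISTRY = "registry.example.com"

def registry_of(image: str) -> str:
    """Registry host of an image reference, following Docker's parsing rule."""
    first, sep, _ = image.partition("/")
    # The first component is a host only if it has '.' or ':', is 'localhost',
    # or contains uppercase; otherwise the name resolves to Docker Hub.
    if sep and ("." in first or ":" in first or first == "localhost"
                or first != first.lower()):
        return first.lower()
    return "docker.io"

def pod_spec_of(manifest: dict) -> dict:
    """Locate the pod spec in a Pod, a templated workload, or a CronJob."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def violations(manifest: dict, allowed: str = ALLOWED_REGISTRY) -> list:
    """Return (container name, image) pairs not pulled from `allowed`."""
    pod = pod_spec_of(manifest)
    bad = []
    # Init and ephemeral containers run code too, so check every list.
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod.get(field) or []:
            image = c.get("image", "")
            if registry_of(image) != allowed:  # exact host match, not a prefix
                bad.append((c.get("name"), image))
    return bad

# Constructed sample: one image from Docker Hub, one valid, one lookalike host.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "migrate", "image": "busybox:1.36"}],
        "containers": [
            {"name": "api", "image": "registry.example.com/team/api:1.4.2"},
            {"name": "sidecar",
             "image": "registry.example.com.lookalike.test/api:1.4.2"},
        ],
    }}},
}

if __name__ == "__main__":
    for name, image in violations(SAMPLE):
        print(f"DENY {name}: {image}")
```

The same host-equality rule is what an admission policy, for example one written for the Open Policy Agent, would enforce before a workload reaches the cluster.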