🛡️ Defense in Depth

Security & Trust

We secure the tools that secure your cloud. EchelonGraph implements defense-in-depth across every layer of our platform.

60%

Live Platform Posture

6/10 services operational • 🟢 Live

Checked: 2:25:11 PM

Certifications & Compliance

🛡️

SOC 2 Type II

In Progress

Working toward SOC 2 Type II certification covering Security and Confidentiality trust service criteria.

📋

ISO 27001:2022

Aligned

Information security practices aligned with ISO 27001:2022 Annex A controls. Formal certification planned.

🇪🇺

GDPR

Compliant

GDPR compliance including DPA, data subject rights, and data processing agreements.

📐

CIS Benchmarks

Implemented

440+ CIS v2.0 benchmark rules implemented across GCP, AWS, and Azure cloud scanners.

Security Architecture

🔐

Encryption

✓AES-256 encryption at rest (PostgreSQL, Secret Manager)
✓TLS 1.3 in transit (all Cloud Run services)
✓RS256 JWT with key rotation
✓Secrets stored in GCP Secret Manager

🔑

Access Control

✓RBAC with multiple roles (super_admin, tenant_admin, viewer, analyst)
✓SAML 2.0 SSO support
✓JWT-based session management with expiry
✓Role-based API endpoint authorization

🏗️

Tenant Isolation

✓PostgreSQL Row-Level Security (RLS) per tenant
✓Neo4j label-based tenant isolation
✓JWT tenant_id enforcement on all API endpoints
✓Cross-tenant access prevention at middleware level

🌐

Infrastructure

✓Google Cloud Platform (Cloud Run, Cloud SQL)
✓Private database access (no public IP)
✓Cloud Run with least-privilege service accounts
✓Automated deployments via CI/CD pipeline

📊

Monitoring & Logging

✓Prometheus-compatible metrics endpoint
✓Structured logging (zerolog, JSON format)
✓Comprehensive audit trail for admin actions
✓Real-time WebSocket status updates

🔍

Scanning & Detection

✓440+ misconfiguration rules (CIS v2.0 mapped)
✓CVE correlation engine (real-time tracking via NVD feed)
✓Multi-cloud support (GCP, AWS, Azure)
✓Attack path analysis with blast radius visualization

Data Protection

🔒 What We Access

✓Read-only access to cloud resource configurations and IAM policies
✓Network topology and security group rules
✓CVE metadata from public vulnerability databases (NVD)

🚫 What We Never Access

✕Contents of databases, storage buckets, or application data
✕Application source code or runtime memory
✕User credentials, API keys, or secrets in your environment

Responsible Disclosure

🐛 Report a Vulnerability

If you discover a security vulnerability in EchelonGraph, please report it responsibly. We appreciate your help in keeping our customers safe.

Email: security@echelongraph.io

Response Time: Initial response within 48 hours

Scope: All EchelonGraph services and APIs

Need More Details?

Enterprise customers can request our security architecture documentation, vendor security questionnaire, and deployment guides.

Request Security Docs View DPA