๐Ÿ›ก๏ธ Defense in Depth

Security & Trust

We secure the tools that secure your cloud. EchelonGraph implements defense-in-depth across every layer of our platform.

60%

Live Platform Posture

6/10 services operational โ€ข ๐ŸŸข Live

Checked: 8:12:24 PM

Certifications & Compliance

๐Ÿ›ก๏ธ

SOC 2 Type II

In Progress

Working toward SOC 2 Type II certification covering Security and Confidentiality trust service criteria.

๐Ÿ“‹

ISO 27001:2022

Aligned

Information security practices aligned with ISO 27001:2022 Annex A controls. Formal certification planned.

๐Ÿ‡ช๐Ÿ‡บ

GDPR

Compliant

GDPR compliance including DPA, data subject rights, and data processing agreements.

๐Ÿ“

CIS Benchmarks

Implemented

440+ CIS v2.0 benchmark rules implemented across GCP, AWS, and Azure cloud scanners.

Security Architecture

๐Ÿ”

Encryption

  • โœ“AES-256 encryption at rest (PostgreSQL, Secret Manager)
  • โœ“TLS 1.3 in transit (all Cloud Run services)
  • โœ“RS256 JWT with key rotation
  • โœ“Secrets stored in GCP Secret Manager
๐Ÿ”‘

Access Control

  • โœ“RBAC with 5 least-privilege roles (super_admin, admin, analyst, viewer, owner)
  • โœ“SAML 2.0 SSO support
  • โœ“JWT-based session management with expiry
  • โœ“Role-based API endpoint authorization
๐Ÿ—๏ธ

Tenant Isolation

  • โœ“PostgreSQL Row-Level Security (RLS) per tenant
  • โœ“Neo4j label-based tenant isolation
  • โœ“JWT tenant_id enforcement on all API endpoints
  • โœ“Cross-tenant access prevention at middleware level
๐ŸŒ

Infrastructure

  • โœ“Google Cloud Platform (Cloud Run, Cloud SQL)
  • โœ“Private database access (no public IP)
  • โœ“Cloud Run with least-privilege service accounts
  • โœ“Automated, repeatable deployments (infrastructure-as-code)
๐Ÿ“Š

Monitoring & Logging

  • โœ“Prometheus-compatible metrics endpoint
  • โœ“Structured logging (zerolog, JSON format)
  • โœ“Comprehensive audit trail for admin actions
  • โœ“Real-time WebSocket status updates
๐Ÿ”

Scanning & Detection

  • โœ“440+ misconfiguration rules (CIS v2.0 mapped)
  • โœ“CVE correlation engine (real-time tracking via NVD feed)
  • โœ“Multi-cloud support (GCP, AWS, Azure)
  • โœ“Attack path analysis with blast radius visualization

Data Protection

๐Ÿ”’ What We Access

  • โœ“Read-only access to cloud resource configurations and IAM policies
  • โœ“Network topology and security group rules
  • โœ“CVE metadata from public vulnerability databases (NVD)

๐Ÿšซ What We Never Access

  • โœ•Contents of databases, storage buckets, or application data
  • โœ•Application source code or runtime memory
  • โœ•User credentials, API keys, or secrets in your environment

Responsible Disclosure

๐Ÿ› Report a Vulnerability

If you discover a security vulnerability in EchelonGraph, please report it responsibly. We appreciate your help in keeping our customers safe.

Email: [email protected]

Response Time: Initial response within 48 hours

Scope: All EchelonGraph services and APIs

Need More Details?

Enterprise customers can request our security architecture documentation, vendor security questionnaire, and deployment guides.