Security & Trust
We secure the tools that secure your cloud. EchelonGraph implements defense-in-depth across every layer of our platform.
Live Platform Posture
6/10 services operational โข ๐ข Live
Certifications & Compliance
SOC 2 Type II
In ProgressWorking toward SOC 2 Type II certification covering Security and Confidentiality trust service criteria.
ISO 27001:2022
AlignedInformation security practices aligned with ISO 27001:2022 Annex A controls. Formal certification planned.
GDPR
CompliantGDPR compliance including DPA, data subject rights, and data processing agreements.
CIS Benchmarks
Implemented440+ CIS v2.0 benchmark rules implemented across GCP, AWS, and Azure cloud scanners.
Security Architecture
Encryption
- โAES-256 encryption at rest (PostgreSQL, Secret Manager)
- โTLS 1.3 in transit (all Cloud Run services)
- โRS256 JWT with key rotation
- โSecrets stored in GCP Secret Manager
Access Control
- โRBAC with 5 least-privilege roles (super_admin, admin, analyst, viewer, owner)
- โSAML 2.0 SSO support
- โJWT-based session management with expiry
- โRole-based API endpoint authorization
Tenant Isolation
- โPostgreSQL Row-Level Security (RLS) per tenant
- โNeo4j label-based tenant isolation
- โJWT tenant_id enforcement on all API endpoints
- โCross-tenant access prevention at middleware level
Infrastructure
- โGoogle Cloud Platform (Cloud Run, Cloud SQL)
- โPrivate database access (no public IP)
- โCloud Run with least-privilege service accounts
- โAutomated, repeatable deployments (infrastructure-as-code)
Monitoring & Logging
- โPrometheus-compatible metrics endpoint
- โStructured logging (zerolog, JSON format)
- โComprehensive audit trail for admin actions
- โReal-time WebSocket status updates
Scanning & Detection
- โ440+ misconfiguration rules (CIS v2.0 mapped)
- โCVE correlation engine (real-time tracking via NVD feed)
- โMulti-cloud support (GCP, AWS, Azure)
- โAttack path analysis with blast radius visualization
Data Protection
๐ What We Access
- โRead-only access to cloud resource configurations and IAM policies
- โNetwork topology and security group rules
- โCVE metadata from public vulnerability databases (NVD)
๐ซ What We Never Access
- โContents of databases, storage buckets, or application data
- โApplication source code or runtime memory
- โUser credentials, API keys, or secrets in your environment
Responsible Disclosure
๐ Report a Vulnerability
If you discover a security vulnerability in EchelonGraph, please report it responsibly. We appreciate your help in keeping our customers safe.
Email: [email protected]
Response Time: Initial response within 48 hours
Scope: All EchelonGraph services and APIs
Need More Details?
Enterprise customers can request our security architecture documentation, vendor security questionnaire, and deployment guides.