Our
Security Story
Security Risk & Compliance Overview
What is Cyder:
Cyder's Intent AI platform captures real-time customer intent signals across the entire web. With Cyder, brands know the exact moment a customer is looking for a relevant product so marketers can activate the right customer journey.
How it works:
Cyder integrates with the brand’s existing browser extension to capture real-time behavior as customers browse online. Rather than just the brand’s existing website, the platform works across all websites, providing an end-to-end view of the customer journey. Cyder’s Intent AI model is then able to analyze this information to capture intent signals that indicate a customer is actively seeking a relevant product. These intent signals automatically activate customer journeys to reach customers in a timely manner.
Information Security
Cyder Inc encrypts and protects sensitive information across the transformation and analysis process.
-
Data in Transit- TLS encryption for all data exchanged. Additional security is available for dedicated VPN connections between the customer and Cyder Inc
-
Data at Rest – AES 256-bit encryption
-
Network Security – Intrusion detection systems and alerts to monitor for real-time threats, including the use of Google IDS
-
Access Management & Authentication
Cyder Inc.’s platform provides full control of access to all hosted information
-
Account Authentication: <high level description on how this is done>
-
Password Policies: Required strength factors (minimum characters, required numbers and special characters, common passwords rejected), salted and hashed password storage, and password resets
-
Granular Access Control and Review: Role-based access, visibility and user access rights. Regular access review and analysis
-
Audit and Access Logging: Detailed tracking and audit logging of all activities related to the application environment and administrative activity.
Software Development Practices
Security processes and have been fully integrated into the Cyder Inc. software development processes. Developers receive training that focuses on OWASP specific guidelines. In addition, processes are setup to allow for separation of duties and segmentation of platforms with dev, staging, and production.
-
OWASP based security controls design
-
Separation between dev, staging, and prod
-
Use of test data in development environment
-
Code peer review
-
Code repository controls
-
Threat modeling
-
Deployment controls
Infrastructure Security
Cyder Inc. leverages Google Cloud Services (GCP). Cyder Inc. can make available all standards, GCP certifications and accreditations along with physical security controls.
Company Policies and Procedures
Cyder Inc. security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant change.
-
Security Policies and Training – All employees go through required training upon hire and must recertify on an annual basis. Policies include:
-
Access Control
-
Business Continuity
-
Disaster Recovery
-
Cryptographic Controls
-
Data Management
-
Human Resources Security
-
Information Security
-
Operations Security
-
Physical Security
-
Risk Management
-
Third Party Risk Management
-
-
Platform Security – On-going security activities, including:
-
Network intrusion detection
-
Code vulnerability scanning
-
System, network, application log analysis, reporting, and retention
-
-
Incident Response Planning & Team in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.
Regular Third-Party Security Review that identifies and evaluates security risks of vendors and third parties.
Standards and Certification
Cyder Inc. is committed to establishing and maintaining compliance with key information security and regulatory standards, including:
-
Service Organization Control (SOC) 2
-
USDP
-
CSA Controls Matrix
Cyder Inc. and third-party certification and verification reports are available for limited distribution and shared under non-disclosure agreements.
Helpful Links
CSA Security Standards - https://cloudsecurityalliance.org/star/
GCP Risk and Compliance
https://cloud.google.com/security/compliance/offerings
Cyder Inc. Privacy Policy