Your Data Is Safe With FleetSage

At FleetSage we take security as seriously as we do safety.

FleetSage operates on the AWS cloud service platform which by default has sane security practices. We have taken additional precautions to ensure your data remains safe such as:

• We have a Security Incident Response plan (IR) and runbooks in place so our organization is aware of our security practices and how to take action in case of an incident.
• MFA is enforced to ensure our employee's accounts are not comprised.
• We continuously monitor our object storage using Machine Learning to ensure PPI remains private and encrypted.
• We encrypt our root storage volumes at-rest to ensure data will not be recovered via malicious intent by restoring older snapshots and using sleuthing tools.
• We use both Service Control Policies and Permission Boundaries to ensure our AWS user accounts are limited to the actions they only should perform.
• We deny the use of AWS services which are currently unsupported by CloudTrail in case an attacker would attempt to abuse the services which would go undetected.
• We run both an Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect possible intruders.
• We globally log all API calls across all our accounts, regions and we deliver these logs to an isolate logging account and we encrypt these logs as well check for Log Integrity so a possible intruder cannot hide their activity
• We automatically and continuously patch the baseline of our servers
• We generate and review a credential report so we can see at a glance if there are any over-permissive user accounts.
• We practice PenTesting to determine to uncover new or previously missed attack vectors or security compromises.
• We run statistical code analysis on our codebase to ensure programming credentials or Common Vulnerabilities and Exposures (CVE) are not present within our code.
• We use a hardware security module (HSM) to safeguard the storage of our encryption keys