People and infrastructure you can trust

Unit applications and solutions are fully built in the AWS cloud environment. We prioritize security and compliance with regulatory requirements by utilizing a combination of native AWS and third-party tools. These tools continuously monitor and evaluate our systems to maintain a secure environment and uphold best security practices.

Unit uses strong encryption across all data, both at rest and in transit. We use Advanced Encryption Standard (AES) 256-GCM, the most advanced and secure method available, to encrypt all sensitive data at rest. We use Transport Layer Security (TLS) 1.2 or higher for all data in transit, which is the industry standard. 

Unit’s AWS environments are thoroughly segmented into different accounts and Virtual Private Clouds (VPCs). We utilize AWS Security Groups to filter inbound traffic. We ensure that specific workloads are allocated to dedicated resources to meet the specific needs of our different tenants. We use namespace Isolation by separate namespaces for each service to isolate resources like pods, services, and secrets.We have implemented robust, separated Continuous Integration (CI) and Continuous Deployment (CD) pipelines, which include code reviews, automated end-to-end (e2e), security testing and branch protection rules

Unit collects cloud events and detections from various sources such as CloudTrail logs. It also integrates with AWS's native threat detection capabilities to provide correlation and context with GuardDuty and 3rd party security platforms for near real-time ingestion of threat detection findings. In addition, Unit utilizes runtime sensors with eBPF-based technology to correlate runtime signals with cloud events for efficient incident response.

Unit has implemented strict password policies to ensure the safety and security of all critical services. Access to these services is granted only through Single Sign-On (SSO) or multi-factor authentication, wherever available. Role-Based Access Control (RBAC) is maintained across all internal and external systems, ensuring that access is provided only on a need-to-know basis. Furthermore, the information security team conducts periodic User Access Reviews (UAR) to review access authorization and permissions of internal and external stakeholders. This ensures that access control is continually monitored and improved to prevent unauthorized access to sensitive information.

Our remote access is secured through an Enterprise VPN Service. Additionally, our endpoints are protected by EDR (Endpoint Detection and Response), which includes a leading endpoint protection platform, managed services, and 24/7 monitoring and investigation of every security alert. 

Each API token at Unit is limited in scope, ensuring that it can access only certain resources, and can perform only certain operations on them (read/write).

Customer tokens restrict API resources to only what is enabled for a specific customer and limit token exposure to individual customers. They include built-in Two Factor Authentication (OTP) and customizable expiry that your systems can rely on.

API tokens are set to automatically expire in one year. Unit lets you customize expiration dates to enforce stricter security policies in your organization.

The Unit Dashboard supports the industry-standard SAML 2.0 protocol, to help you authenticate your users using an external identity provider. Furthermore, we incorporate multi-factor authentication to provide you with an added layer of security.

The Unit Dashboard includes built-in roles and permissions for your team members. This ensures that information access is granted strictly on a need-to-know basis, in accordance with the least privilege principle.

Display sensitive customer data, without any of it passing through your systems, offloading the need for PCI compliance to share it.

Sensitive data, such as full card numbers, are not available to be displayed in the Dashboard unless your company is PCI-certified. In the case that your organization is directly handling credit card data, it is highly probable that you will need to follow PCI-DSS standards, which require an annual validation process. There are four different levels of compliance that depend on the volume of transactions processed annually. Only companies that process over 6 million transactions annually are required to comply with Level 1, which requires an onsite assessment conducted by a QSA. For Levels 2-4, there are a few types of Self Assessment Questionnaires (SAQ) depending on several factors. For more information on the requirements, please visit the PCI website. If you need further guidance, feel free to contact us and we will do our best to walk you through the requirements.  

Unit collects audit trails for write operations to ensure high-level transparency and security standards. Our detailed audit logs help identify abnormalities, intrusions, or suspicious activity by providing oversight teams with a clear and comprehensive record of all activities. The designated audit log offers a searchable database of actions, each containing structured fields such as the time of action, performing user, associated bank or organization, action type, and changes made. While the audit log is still being expanded to include all actions, our operational database stores a history of updates, allowing data analysts to generate comprehensive reports for external audits. This ensures that we can provide the required data either through self-service solutions or ad-hoc requests.

Unit ensures active-active availability, improving recovery times and providing access to second availability zones.

We backup all production data and all backups are geo-replicate backups within the same judicial data boundary.

We continuously monitor the platform and post real-time updates to our public status page.

We have documented and implemented a business continuity plan that we activate and follow in the event of disruptions. We test our business continuity plan at least once annually, using different real world scenarios.