Functionize: A Secure and Scalable Cloud Platform
Built entirely on the cloud, Functionize is designed to ensure the highest standards of protection for our customers. Here’s an overview of our security measures:
At Functionize, security and scalability are at the core of our platform. Built entirely on the cloud, Functionize is designed to ensure the highest standards of protection for our customers.
Here’s an overview of our security measures:
Information Security
Security and privacy are a top priority for Functionize. We have a dedicated security team that continuously manages and constantly enhances our security posture. Our security policies are based on the NIST 800-53b control list and the NIST Cybersecurity framework, which we are happy to share under an NDA. All employees and contractors read and accept our Acceptable Use Policy, which addresses both security and data policy requirements.. Additionally, all Functionize employees undergo annual security training.
We conduct regular penetration tests internally and commission annual wide-scoped penetration tests to be performed by a third-party security firm. Our Incident response policy is well-defined, and the procedures are adhered to by team members holding relevant certifications, such as GCIH. We also undergo annual SOC2 Type 2 audits to ensure compliance with industry standards.
Data security
We do not process or store any financial data or privacy-sensitive information from our clients. User accounts on the platform include only an email address, used for authentication.. As part of automated testing, screenshots of the application and descriptions of web application DOM, page elements, and attributes are recorded. This data is stored in a relational database with encryption enforced.
All test data is stored in Google Cloud Buckets, with data encryption enforced in both transit and at rest, Our encryption specifications are:
- In transit: TLS 1.3 (we support t TLS 1.2 for clients not yet on TLS 1.3)
- At rest: AES-256
Encryption keys are managed via Google Key Management System.
Infrastructure Security
The Functionize platform is a multi-tenant application fully deployed on Google Cloud Platform (GCP), designed from the ground up using multi-tenancy principles. Components of the architecture are distributed across Virtual Private Clouds (VPCs). The infrastructure implements robust security policies that include:
- VPC Security policies
- Service centric Firewall policies
- Web Application firewall for public endpoints
- Endpoint security
- logging and monitoring, alerts via PagerDuty
All internal and external endpoints are accessed via HTTPS and we utilize Google Workspace features like Single Sign-On (SSO) and Data Loss Prevention (DLP) for added security.
