Security Measures at Apidog
This article introduces the security measures taken by Apidog to protect your data and infrastructure.
Safeguarding your data is our top priority at Apidog. Our defense-in-depth approach secures data through encryption, stringent application security controls, and organizational policies.
We enable robust API governance and security within the Apidog platform, giving customers tools to protect their own API infrastructure. In addition, all Apidog employees undergo background checks before employment and receive security training during onboarding and annually thereafter.
Infrastructure Security
At Apidog, we host our platform entirely on Amazon Web Services (AWS) infrastructure in the United States. By building on AWS rather than operating our own data centers, we rely on AWS's physical and network security controls for the underlying layers. On top of that foundation, our own defense-in-depth approach includes multi-factor authentication, encryption, access controls, vulnerability management, and other security best practices. We protect our infrastructure with multiple layers, including:
Web Application Firewall
We use AWS Network Firewall to protect our infrastructure from common exploits, and our web application firewall (WAF) is configured to block malicious traffic such as SQL injection and cross-site scripting (XSS) payloads. The two play complementary roles: a network firewall filters at the network and transport layers, while inspecting HTTP requests for injection payloads is the job of the WAF. A WAF is a mitigating layer rather than a replacement for parameterized queries and output encoding in the application itself.
DDoS Protection
Apidog uses load balancing and related controls to mitigate DDoS attacks. Distributing traffic across multiple servers keeps the platform resilient against surges in requests and deliberate attempts to overwhelm it. Monitoring tracks traffic patterns and automatically alerts our response team to anomalies, and our on-call engineers can analyze threats and take action such as filtering specific IP addresses. These layered defenses and continuous monitoring keep our systems available to legitimate users.
IP Whitelisting
At Apidog, we enforce strict IP whitelisting at the WAF to restrict infrastructure access to authorized developers only. We audit and review our allow lists regularly so they stay current and continue to block unauthorized access attempts, and our systems automatically flag activity from unknown IPs for investigation. Limiting exposure to trusted IPs hardens the environment against intrusion attempts and malicious requests, and combined with proactive monitoring it enables a quick response to attacks targeting our infrastructure.
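The flagging described above, as an added example that is not part of Apidog's page or product: it parses a few constructed access-log lines, matches each source address against an allow list of CIDR ranges (IPv4 and IPv6), and reports every request that did not come from a trusted range. The log format, the allow list, and the `flag_unknown_sources` helper are all assumptions made for the illustration; the address ranges are the reserved documentation prefixes. The one design point worth noting is the fail-closed handling of unparseable addresses, and that the IP being checked must be the address the load balancer actually saw, not a client-supplied `X-Forwarded-For` value.

```python
import ipaddress
import re

# Constructed access-log lines for illustration: "<timestamp> <client_ip> <method> <path> <status>".
# The client IP is assumed to be the address the load balancer connected from, not an
# unauthenticated X-Forwarded-For header, which an attacker could set to any value.
SAMPLE_LOG = """\
2024-05-01T12:00:01Z 203.0.113.7 GET /admin/users 200
2024-05-01T12:00:02Z 203.0.113.250 POST /admin/deploy 200
2024-05-01T12:00:03Z 198.51.100.9 GET /admin/users 403
2024-05-01T12:00:04Z 2001:db8:1::42 GET /admin/metrics 200
2024-05-01T12:00:05Z 2001:db8:2::42 GET /admin/metrics 403
2024-05-01T12:00:06Z not-an-ip GET /admin/users 403
"""

# Hypothetical allow list: one office IPv4 range and one IPv6 range (documentation prefixes).
ALLOWED_CIDRS = ["203.0.113.0/24", "2001:db8:1::/48"]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def build_allowlist(cidrs):
    """Parse CIDR strings once; strict=True rejects a prefix with host bits set (a typo)."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_allowed(ip_text, networks):
    """True when ip_text parses and falls inside at least one allowed network.

    Unparseable input is treated as not allowed (fail closed). Comparing an IPv4
    address against an IPv6 network simply yields False, so mixed lists are safe.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def flag_unknown_sources(log_text, cidrs):
    """Return (timestamp, ip, path) for every request whose source is not allow-listed.

    These are the entries a reviewer would triage; the WAF should already have blocked them.
    """
    networks = build_allowlist(cidrs)
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skipped here, a production pipeline should count these
        ts, ip, _method, path, _status = m.groups()
        if not is_allowed(ip, networks):
            flagged.append((ts, ip, path))
    return flagged


if __name__ == "__main__":
    for entry in flag_unknown_sources(SAMPLE_LOG, ALLOWED_CIDRS):
        print("flagged:", entry)
```

Running it flags the request from 198.51.100.9, the one from 2001:db8:2::42 (same IPv6 prefix family as the allowed range but a different /48), and the malformed address.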
Data Security
At Apidog, end-to-end data security is our top priority. We take a multi-layered defense approach, securing data through encryption, stringent application security controls, and strict organizational policies. Our databases are hosted in AWS data centers in the US East region. The Apidog platform provides API governance, identity and access management, and threat protection capabilities that let customers secure their API ecosystems. Our commitment to security and compliance spans our product development lifecycle and corporate culture.
Data Isolation
At Apidog, we use logical isolation and strict access controls to separate production data from development environments. Access is restricted via AWS Identity and Access Management (IAM) to prevent unauthorized access. CloudTrail logging captures all AWS API activity, and our security team reviews these logs regularly to detect and respond to anomalies.
Data Encryption
At Apidog, we use a layered strategy to protect stored data. Credentials such as passwords are never stored in recoverable form: each password is stored as a salted one-way hash, so it cannot be decrypted even by Apidog, and a login is verified by hashing the submitted password with the stored salt and comparing the result. Hashing is not encryption; a hash cannot be reversed, which is exactly why it is the right tool for passwords and the wrong tool for data that must be read back. For other sensitive data at rest, stringent key management and access control policies govern the encryption keys and prevent unauthorized decryption. For data in transit, TLS 1.2 with perfect forward secrecy secures transmission over the public internet. Together these controls safeguard the API infrastructure.
Data Protection Regulations
At Apidog, we have implemented mechanisms to support customers in meeting their data protection compliance obligations. Our data processing agreements commit us to rigorous standards for security, privacy, and ethical data usage.
Data Transmission Security
At Apidog, all data transmission is protected by TLS (TLS 1.2), still commonly referred to as SSL/TLS, to prevent interception of customer data. We use modern cipher suites with ephemeral key exchange, which provides forward secrecy: every session is protected by its own key, so a later compromise of a server's long-term private key does not expose previously recorded traffic. Firewalls and other network security mechanisms provide additional layers of defense.
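The transport policy just described, as an added example that is not Apidog's configuration: a client `ssl.SSLContext` that refuses anything below TLS 1.2 and only offers forward-secret (ECDHE) suites, a deliberately weak counterpart that offers static-RSA key exchange, and an audit function that reports which policy points a context violates. The cipher string, the policy checks, and the helper names are assumptions for the illustration; the check relies on the fact that every TLS 1.3 suite uses ephemeral (EC)DHE and that in TLS 1.2 the suite name records the key exchange.

```python
import ssl

# OpenSSL cipher string limited to ECDHE key exchange with AEAD bulk ciphers. Every suite
# it selects performs an ephemeral ECDH exchange, so a stolen server private key cannot be
# used to decrypt recorded sessions. (Example policy, not Apidog's actual configuration.)
PFS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4"


def hardened_client_context():
    """Client context that refuses anything below TLS 1.2 and any non-forward-secret suite."""
    ctx = ssl.create_default_context()           # verifies certificates, disables compression
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(PFS_CIPHERS)                 # TLS 1.3 suites are separate and always PFS
    return ctx


def legacy_client_context():
    """Deliberately weak counterpart: static RSA key exchange, no forward secrecy."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AES256-GCM-SHA384:AES128-GCM-SHA256")  # RSA-kx suites, legal in TLS 1.2
    return ctx


def is_forward_secret(cipher):
    """cipher is one dict from SSLContext.get_ciphers().

    All TLS 1.3 suites use ephemeral (EC)DHE; for TLS 1.2 the name carries the key exchange.
    """
    if cipher["protocol"] == "TLSv1.3":
        return True
    return cipher["name"].startswith(("ECDHE-", "DHE-"))


def audit_context(ctx):
    """Return a list of policy findings; an empty list means the context passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version too low: {ctx.minimum_version.name}")
    non_pfs = [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c)]
    if non_pfs:
        findings.append("non-forward-secret suites enabled: " + ", ".join(non_pfs))
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled (CRIME)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification not required")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()) or "OK")
    print("legacy:  ", audit_context(legacy_client_context()))
```

The same audit can be pointed at a server-side context; the interesting difference there is that a server that still offers RSA key exchange can be downgraded by any client that prefers it, which is why the suite list, not just the minimum version, has to be part of the policy.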
Data Response Strategies
Data Backup
Apidog implements backup policies to protect against data loss. Customer data is backed up daily to multiple geographically dispersed AWS regions, with backups stored securely in AWS S3 for disaster recovery. Backup integrity is verified via checksums and test restores, and long-term retention policies preserve prior versions. We recommend that customers periodically test failover to backups. Apidog's resilient infrastructure minimizes downtime and data loss.
Additional information can be found in the knowledge base linked here:
- Data Backup
- AWS S3 provides 99.9% availability.
Data Recovery
Rapid data recovery capabilities minimize disruption. Automated failover restores primary databases from recent backups within minutes, and asynchronous replication to hot standby instances keeps the recovery point objective (RPO) low, so little data is lost when failover occurs. Selective restoration accommodates granular recovery needs, and detailed logs aid forensic investigation and root cause analysis.
Data Deletion
When deletion is requested, Apidog purges the records from primary databases, caches, and backups in a timely manner. Cryptographic erasure, which destroys the keys under which block storage is encrypted, renders the underlying data unrecoverable. Deleted data is retained for 15 days before being permanently purged from all systems, after which it cannot be recovered.
Additional information can be found in the knowledge base linked here:
Threat Protection and Response
At Apidog, comprehensive monitoring allows rapid threat detection across our infrastructure and services. Load testing reduces the performance impact of traffic surges. Regular threat simulation exercises, and updates based on the latest threat intelligence, improve our protections. Multi-layered defenses supported by vigilant monitoring and response enable Apidog to withstand and recover from attacks.
Service Monitoring
Apidog continuously and automatically monitors its infrastructure and applications. Sensors throughout our environment track metrics and activity patterns, and when a potential threat surfaces, alerts are pushed to our trained security and reliability engineering teams for rapid investigation and response.
System Performance
Apidog leverages auto-scaling cloud infrastructure to rapidly provision additional resources in response to surges in customer demand. Load balancing evenly distributes the increased traffic to ensure consistent performance and availability for existing users. Proactive load testing allows us to identify and resolve bottlenecks before they impact customers. Cloud elasticity enables Apidog to smoothly absorb large spikes in usage without degradation of the user experience.
Rigorous Pre-deployment Verification
Apidog subjects all platform updates to extensive validation of stability and security prior to release. Load testing under simulated production conditions identifies performance bottlenecks. A/B testing compares new versions to baseline builds. Automated and manual penetration exercises uncover potential vulnerabilities. Test automation allows accelerated regression testing across the entire platform. This rigorous verification process for each release ensures that newly deployed capabilities are thoroughly hardened for the live environment.
Payment Information Security
To ensure the security of payment information, Apidog uses Stripe as its sole payment processor. Stripe is a globally recognized payment platform trusted by major corporations and customers around the world.
Stripe is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), an established global security standard for the secure handling of cardholder information at every step of the payment process. Processing payments through a PCI DSS compliant provider reflects Apidog's commitment to protecting your payment information against unauthorized access.
Shared Security Responsibilities
Security is a shared responsibility between Apidog and its users. While Apidog ensures the stability and safety of its platform, users also play a crucial role in safeguarding their data. To maintain high data security standards, we advise against storing sensitive information outside the Apidog environment. A practical way to protect sensitive values such as API keys and access tokens is to keep them in encrypted environment variables rather than hard-coding them in plain text.
Social Engineering Security Policies
Apidog administers multi-leveled physical and personnel security measures to protect our business premises and infrastructure.
Multi-Level Security Measures
Strict access control policies, enforced by mechanisms such as badge access systems, ensure that only authorized personnel can enter our facilities. Clean desk policies, secured workstations, and secure device storage help maintain information security after working hours.
Comprehensive Security Policies for Employees
Apidog implements rigorous security protocols to protect sensitive information and intellectual property. Access to work areas is restricted through the use of electronic keycards, ensuring that only authorized personnel can enter.
Employees are required to lock their computers when leaving their workstations, adding a layer of protection against unauthorized access. External visitors must be escorted at all times, and their access is limited to designated meeting rooms and lobbies.
At the end of each day, employees shut down their systems and secure any physical documents before leaving the premises. Through these and other precautionary policies, Apidog safeguards its data, systems, and facilities against potential security threats. The company recognizes that vigilance and proactive measures are essential to maintaining the integrity and confidentiality of its operations.