OUR SECURITY PROGRAM
We take the security of our systems and our customers seriously. Here are some of the ways that we are working to protect your data and our system assets.
How we manage security
At Instaclustr we have a formal security program and have a Security Architect as part of our engineering team. We also engage a specialist cyber security services company to perform regular penetration testing and to conduct independent reviews of our system architecture and any intended changes.
However, we also acknowledge that having a perfect and flawless security posture is almost impossible and the key is to be able to address any issues quickly and effectively. Our security program has been designed around a methodology that includes security considerations in our design, continually reviewing and testing, monitoring our systems and the environment and having a suitable response capability.
We request understanding of time and effort required where the issue is with a third-party and not our own codebase or system configuration. Our products and platform have been built on a wide-range of technologies and capabilities. If a problem has been identified in an underlying technology that we rely on, we will work with that community or company to have the issue rectified as quickly as possible.
Reporting an identified security-related issue
We condone a responsible approach to disclosure of security-related issues. If you think you have discovered a security-related issue with our systems and/or operating environment we appreciate your help in disclosing the issue to us responsibly.
We request a suitable period of time to give us an opportunity to correct a potential exposure or vulnerability before it is publicly disclosed.
Please contact us at email@example.com with a description of the issue and any details that may be required to reproduce the security-related issue.
We also request that you make an effort to protect the privacy of our user data if an issue has been identified. We are very committed to addressing security issues in an effective and timely manner.
We manage our bug identification program through the Bugcrowd platform at the following Instaclustr Bugcrowd site.
All security-related issues sent to us will follow this process:
- Acknowledge and investigate. Our security architect will firstly acknowledge your submission and will work with you to understand the issue.
- Assess and review. We will have our engineering team work with our security architect to identify the root cause and address any problems as quickly as possible. Throughout our assessment period our security architect will continue to communicate with you on our progress.
- Applaud and reward. We will provide credit and swag to those who identify the issue. For any significant and serious issues that are identified we may also provide a one-off payment if the issue was identified and disclosed in a responsible manner.
See our Bug Bounty Program and at our Bugcrowd site.
Aleks is responsible for the cyber security of Instaclustr systems and our development and support environments. He is charged with reviewing our designs and implementation for robustness and also managing our cyber security program and formal certification processes.
Prior to Instaclustr, Aleks works for BAE Systems in the Applied Intelligence division as the manager of a formal cyber security testing facility and a cryptographic assessment laboratory. Aleks has extensive experience in assessing and testing the security of information systems.