Security at Nadrama
We understand the importance of providing clear information about our security controls, practices, tools, and responsibilities, so customers can feel confident in choosing us as a trusted service provider.
Security Keys
All Nadrama employees use the highest level of MFA available for each system, prioritising YubiKeys and WebAuthn passkeys where supported.
Temporary Access
Employees do not issue long-lived credentials such as AWS keys where roles and temporary credentials may be used instead.
Monitoring Logs
We capture audit logs from key systems, and use RunReveal to monitor and alert on any abnormalities in our infrastructure and application access patterns.
GitOps
Nadrama code and configuration is stored in Git prior to being deployed to production, providing an audit trail of system changes.
In-Transit Encryption
We use TLS/HTTPS on all website/console and cluster/control plane connections to encypt data in-transit, with TLS 1.3 preferred (and used exlusively where feasible).
At-Rest Encryption
We seek vendors who encrypt data at-rest, and when our platform encrypts data at-rest we use AES 256-bit encryption.
Please reach out to security [at] nadrama (dot) com for any security-related questions, concerns, or feedback.