Yubi Security Assurance Statement


Product Security Objective

The goals of the Yubi Security Assurance (CASA) program are to ensure that all our products, solutions and services are designed, developed, and maintained with security in mind, and to assure all our customers that their information and assets always remain secure. This document provides a high-level architectural view of the program and of its security and privacy control components.



Privacy Practices

At Yubi, we ensure that we always comply with India’s Data Protection Bill (Draft), and we do not sell or rent your information or data to anyone. Your information will also not be used for any advertising, including personalized or targeted advertising.

All your information held by us is protected for confidentiality, integrity and availability. Unless you authorize it or provide consent, we will not share any of your information, in whole or in part, with anyone.

Data Security

Securing data is the prime objective of our security assurance program. All data stored with us is encrypted both at rest and in transit by default. Communication between the platform and the production servers takes place over an AES 256-bit encrypted tunnel, which makes it impossible for hackers to tap the data.

Users cannot access the application platform without credentials. In addition to a username and password, users are prompted for an OTP (One-Time Password) before access to the application environment is provided.

Data supplied to us by our customers, clients and investors is picked up over a secure tunnel protected with Transport Layer Security (TLS). The database that stores all data is secured with defense-in-depth control mechanisms.

Access to data stored in the database is restricted to authorized application users only. Data cannot be accessed outside the application, as direct access to data is restricted.


User Administration

Yubi ensures that a unique user identifier is created for every person requesting access to the application; use of generic or shared credentials is completely restricted.

User access reviews are conducted periodically to ensure that least privilege and segregation of duties are applied to all platform users and to achieve a controlled user environment.

Application Security

The Yubi Security Assurance (CASA) program covers detailed product security requirements and compliance components, which includes incorporating security into software development activities.

Our application platform is assessed annually for compliance by CERT-In empanelled independent auditors. In addition, we have an internal team of security professionals who handle periodic vulnerability assessment and penetration testing activities.

The CI/CD (Continuous Integration/Continuous Deployment) pipeline is implemented with appropriate checks and balances for security controls, which include testing applications before they pass to the next stage.

Perimeter-level application protection guards against application-related threats, including threats arising from the third-party components used.


Cloud Security

Yubi is hosted on a Virtual Private Cloud on Amazon Web Services in a multi-tenant architecture. This architecture is highly resilient and scales with requirements, giving us a more reliable and consistent environment.

Yubi application infrastructure is protected against advanced cyber-attacks by powerful security controls that provide complete runtime visibility, an application threat map, comprehensive protection against known and unknown threats including 0-day vulnerabilities, fileless attacks, memory execution protections and file integrity monitoring, to name a few.

We maintain clear network segregation between our client operating environments and development environments to ensure Zero-Trust across the platform.

Yubi infrastructure is launched to the CIS benchmark standard to ensure baseline compliance.

Endpoint Security

A zero-trust solution is enforced on all our endpoints; it locks down all services and processes by default and allows only authorized processes to execute.

Controlled admin privileges are enabled for our developers to ensure that development activities are aligned with the assurance program. A Next-Gen Cloud Security Access Broker ensures all cloud-native applications used within the operating environments are controlled.

All Internet traffic is monitored and controlled through a secure web gateway.


Monitoring

Yubi endpoints are monitored for compliance 24x7x365. To achieve zero downtime, automated response capabilities are enabled to block malicious network traffic and control network traffic.

Continuous vulnerability assessments are performed on endpoints to track the security posture of the operating environment.

Business Continuity & Disaster Recovery

Real-time replication of data to a redundant data center is enabled to ensure high availability and to serve the purpose of DR.

Our core application and infrastructure are managed as code, which significantly reduces the RTO (Recovery Time Objective).

In addition to standard backup, we have also enabled a centralized backup of data to comply with regulatory requirements.

Data localization is achieved by ensuring all our data is stored within India. Restoration can be performed at the component (granular) level so that restoration of critical assets can be prioritized.


Application Development

Yubi incorporates secure coding principles into its development practices. Some of the development principles include:

  • Minimize attack surface area
  • Establish secure defaults
  • Apply least privilege
  • Apply defense-in-depth
  • Fail securely
  • Don’t trust third-party services/data
  • Separation of duties
  • Avoid security by obscurity
  • Keep security simple
  • Fix security issues correctly

Concept and Design

Application security requirements, specifications, and features

With a goal to incorporate security at the earliest possible phase of the product lifecycle, Yubi captures and strives to incorporate specific application security requirements during the concept/design phases of the product lifecycle.

These requirements are normally derived from industry-standard best practice guidelines such as the OWASP Development Guide and Security Cheat Sheet Series projects. Some common application security requirements built into Yubi products fall into the following high-level categories:

  • Identity Management
  • Authentication
  • Session Management

Security Engineering’s core responsibilities include:

  • Promoting security in all products and secure software development practices
  • Acting as custodians for the Yubi Security Assurance Program (i.e., the CASA Program)
  • Tracking the security maturity of all products and reporting overall risk postures to Engineering Management
  • Regularly liaising with and supporting Security Advocates and their product teams
  • Providing security related subject matter expertise, SAST and DAST support, and training to all product teams for SAST and DAST related tools and activities
  • Performing direct application security vulnerability assessments and penetration tests as required
  • Tracking all vulnerabilities, threats, and customer reported security issues holistically and ensuring they are being risk treated according to their severity ratings
  • Working with Yubi Customer Support and customers to investigate and seek resolution to customer reported security issues, questions, and concerns
  • Working in cooperation with the Yubi Global Information Security team on various security related initiatives
  • Keeping abreast of new security related threats and trends, attack techniques, tools, and methodologies

Privacy and Security Policy

Yubi is committed to protecting the personal data of our customers. To read our policy statement outlining our principles with respect to personal data collected, processed, and used via our website, visit: