The information and information systems are valuable assets and must be protected. This is achieved by
implementing proper security frameworks for managing risks and ensuring business continuity by
preventing security incidents and reducing their potential impact.
We are using AWS Global Cloud Infrastructure to manage the application code, data, database and
documentation. More details on how AWS’s security controls are implemented can be found here
Data is the key to any business, and to maintain confidentiality, availability and integrity of data at
all times, we follow strict ISMS guidelines that revolve around our architecture, development and
operations. Additionally, we use Amazon’s Relational Database Service for database operations in the
cloud - which ensure secure and controlled network access through an industry-standard encrypted IPsec
VPN along with scalability and High availability coupled with role based access restrictions. Access
control is further enhanced through the Amazon Access Control Lists which provide an added layer of
security based on Source and target identity.
All data transferred between your browser and servers is secured with industry standard TLS 1.2/1.3
encryption protocols. This includes web application, API, mobile Apps and email client access.
We have enabled secure configurations like perfect forward secrecy (PFS) and HTTP Strict Transport
Security header (HSTS) to all our web traffic, this mandates browsers to connect only via encrypted
All our storage disks of all server instances are encrypted using Disk Level Encryption.
Customer data using sensitive fields is highly encrypted using 256-bit Advanced Encryption Standard
(AES), further strengthened with AWS Key Management Service (KMS) for Key management.
Backups are encrypted using AES-256 at AWS S3.
Engineering teams follow secure coding guidelines, as well as manual review/ screening of the code before
it is deployed to production environment.
The secure coding guidelines are based on OWASP standards and implemented accordingly to protect against
common threats and attack vectors (like SQL injection, Cross site scripting) within the application
Our applications and services are hosted on Amazon Web Services environment across multiple regions using
a combination of various AWS products and services. The infrastructure for databases and application
server instances are securely managed and maintained by AWS.
The application is initially protected by AWS’s Firewall which is highly equipped to counter regular DDoS
attacks and other network related intrusions in a real time environment. The second layer of protection
is a web application firewall (WAF) which monitors against offending IPs, users and spam to prevent from
At KONZE, we take an integrated approach to application security, to ensure everything from engineering
to deployment, including architecture and quality assurance processes, complies with our highest
standards of security.
While the application can be accessed only by users with valid user access, it should be noted that
security in cloud-based products is a shared responsibility between the company and the businesses who
own those accounts on the cloud.
We use the best possible security by assigning Authentication tokens passed through the WebAPI to access
our services. The AWS Security Token Service configured over AWS IAM roles for users offers a cutting
edge authentication mechanism deployed as part of our environmental access controls.
Our Local Internal network where applications are developed, deployed, monitored and managed is highly
secured by industry-grade Firewalls with UTM and industry-leading Antivirus software suites, to protect
internal information, data and network from intrusions and to provide real time alerts in the event of a
threat or an incident.
All our Firewall logs are stored and reviewed periodically. Advanced features of Firewall like real time
network systems monitoring, traffic tracking, malicious attack detection, Threat Weight Tracking have
been well configured and live alerts are enabled to support staff for prompt reaction.
Access to the production environment is strictly constrained via SSH and remote access is possible only
via the Internal Office Network. Audit logs are generated for each remote user session and reviewed by a
team of experts in almost real time. Also, the accesses to production systems are always through a
multi-factor authentication mechanism. Our data centers hosted in AWS are ISO 27001 and SSAE-16
These practices focus on monitoring real time communication systems for active threats and procedures to
keep information systems protected.
Logging & Monitoring
Infrastructure and applications are monitored 24X7 with proprietary and enterprise tools. We monitor
internal traffic within our network, as well as usage of devices and terminals. We record application
logs, security logs, administrator logs, and system logs. These logs are then analyzed and correlated
for anomalies and adverse events which maybe further investigated and escalated as incidents. These logs
are stored securely in an isolated capacity.
Backing up the data regularly is critical for any Organization with business continuity in mind. We
backup our AWS EC2 instances by creating their images using Amazon Machine Image (AMI), whereby a
snapshot is created from the existing instance and can be used to restore the instance back completely,
Each snapshot (image) preserves the configuration and can be used to deploy new copies of it if needed in
the unlikely event of instance failure. Images are stored on Amazon S3 which is known for being highly
durable and reliable. Further, AWS full and partial Database backup solutions are used to automate
backups on AWS RDS.
The technologies working in collaboration offer a dependable backup solution and the system can be
restored to an operational state with minimum to no downtime.
We perform preventative maintenance to protect against any potential vulnerabilities by deploying patches
as and when they are developed internally or otherwise become available.
At Konze, we ensure that our development and AWS instances run on up-to-date supported Operating Systems
with advised security patches in a timely manner.
Incident Management & Disaster Recovery
Incident Management Process describes the activities of an organization to identify, analyze, and correct
hazards to prevent a future occurrence. If not managed, an incident can escalate into an emergency,
crisis or a disaster.
Industry leading Incident Handling and Response tools are in use for Incident Management. Under strict
Internal Policies every event gets recorded and analyzed. If identified as a possible threat scenario, a
Risk Management Plan is put to action where the event and its monitoring / control mechanisms get
re-evaluated to avoid any future reoccurrence.
With system availability and uptime at the heart of our service offering, we use AWS DR Plans backed up
by strict SLA clauses. Combined with our backup & restore mechanisms with agility being at the
forefront, our DR solutions offers the shortest MTT (Mean Time To Recovery) in case of an unforeseen
Dedicated team is responsible to look at different events occurring within the environment that applies
to you, and we follow the industry’s best practices mandatory actions of handling and reporting it in a
timely manner. We track the root cause of the problem and take precautionary measures to avoid this in
future. Further measures and controls are put in place to mitigate similar situations.
If a breach is discovered at the service level, we will alert it’s customers and the concerned
authorities within 72 hours of the discovery.