We Take Security Seriously.
TripleBlind treats data, network, and device security with the utmost importance. Using our privacy enhancing technology, we take a variety of steps to ensure the safety of all parties involved with TripleBlind.
TRAINING
Serving Your Security Needs
In addition to providing all Tripleblind employees with yearly security training we take the following steps to ensure our clients can rest easy.
Software
TripleBlind uses three methods to ensure the security of the software that we write and deploy:
- Static code analysis to detect vulnerabilities in software before code is made ready for production
- Library and OSS analysis to detect if a CVE is open against a library that is included in our software
Container scanning to detect errors and vulnerabilities in the Docker containers we ship to our customers
Application
TripleBlind uses several methods to ensure the security of software applications:
- Interactive Application Security Testing (IAST) to detect vulnerabilities at runtime
Runtime Application Security Protection (RASP) to detect attacks on running software applications
Hardware
TripleBlind uses a fleet-management service to monitor TripleBlind hardware assets that have been issued to employees. This service allows us to:
- Locate all devices
- Lock devices
- Securely erase all devices
- Prevent unauthorized applications from being installed
- Prevent removable storage from being used
Network
TripleBlind uses industry-standard security on Wifi endpoints in our offices.
When traveling, all employees use a TripleBlind-provided VPN.
Penetration
TripleBlind has an engagement underway with a third party security assessment firm. Among the goals of this assessment:
- Architecture review and recommendations
- Comprehensive code review with manual and static analysis
- Penetration testing
- Cryptographic analysis
- Security posture evaluation
- Training on security issues and remediation
- Verification of corrective actions taken as a result of results
Alerting
TripleBlind staff receive alerts under the following conditions:
- Anomalies in logging in our cloud environment
- Production or test environments unavailable
- Production attack
SOC 2 Type 1
TripleBlind takes information security and compliance seriously. We achieved SOC 2 Type 1 certified by Laika and Laika Compliance LLC in April, 2022.
For inquiries into our report, please contact compliance@tripleblind.com.
Book A Demo
TripleBlind is built on novel, patented breakthroughs in mathematics and cryptography, unlike other approaches built on top of open source technology. The technology keeps both data and algorithms in use private and fully computable.