Current security posture, as of June 4, 2026.

Defense in depth

Network, identity, application, and data planes each enforce their own controls. No single layer is load-bearing for the system's safety.

Least privilege by default

Every service identity, every user role, and every CI job receives the narrowest set of permissions it needs to do its job. Broad roles require a written justification.

Threat modeling per engagement

Every engagement opens with a written threat model — what we are protecting, who the adversaries are, and how the controls map to them. Updated on material change.

Secrets management discipline

Secrets live in cloud KMS or a managed vault, never in source. CI rotates short-lived credentials, and access is logged at the secret level.

Continuous dependency scanning

Every repo runs dependency and container scanning in CI on every PR. Critical vulnerabilities block merge until remediated or risk-accepted in writing.

Security review gate before production

Every production deploy passes a written security review — control coverage, threat-model deltas, and a named owner — before traffic moves.

Encryption

• AES-256 at rest across managed cloud stores and customer-controlled BYOK where required.
• TLS 1.2 or higher in transit, with mTLS between service-to-service hops inside the cluster.
• Per-tenant key separation where the data model warrants it; documented per engagement.

Access controls

• Federated SSO with mandatory MFA for all human access to production planes.
• Role-based access control with periodic review and just-in-time elevation for production changes.
• Audit logs retained per regulatory minimum, shipped to a dedicated logging account.

Data residency options

• US-only deployments by default; FedRAMP-aligned regions (Azure Government, AWS GovCloud) for federal workloads.
• Customer-controlled BYOK for tenants that require key custody.
• Single-tenant deployments inside the customer's cloud account where the use case requires it.