
Security at Katana Cloud Inventory 

At Katana Cloud Inventory, we take the security and privacy of your data seriously. Our mission is to provide you with a secure, reliable platform that you can trust. Below is an overview of our security practices and protocols to ensure the safety of your information. 

Data security 

Katana application data is secured in transit using TLS and encrypted at rest using industry-standard encryption algorithms.

Access Control 

  • Authentication: Employees sign in to resources using Single Sign On. They are required to separately sign in to any system or application that does not support SSO using passwords that conform to Katana’s security policies. Additionally, we enforce MFA wherever possible.
  • Authorization: Role-based access control (RBAC) ensures that users only have access to the data and systems they need to perform their daily tasks. We perform regular access reviews and remove unnecessary permissions. 

Infrastructure security 

Katana is primarily hosted on AWS infrastructure, giving Katana access to numerous security benefits and tooling that AWS hosting provides to its customers.   

We follow a continuous posture management approach to ensure all production systems are deployed on a hardened base and follow a standard configuration. 

Application Security 

  • Code Reviews: Katana audits changes to the application throughout the development lifecycle. Architecture reviews and stringent code review processes are performed. 

We also have a responsible disclosure program to incentivize external researchers to find and disclose bugs. See responsible disclosure.

Monitoring and Incident Response 

Our infrastructure is continuously monitored for suspicious activity and potential threats. 

We have an incident response plan ready to act immediately in case of a security breach. 

Data backups 

Customer data is backed up regularly using automated AWS backup features. Multiple backup schedules are maintained to prevent data loss. 

Disaster recovery 

Katana has a documented disaster recovery and business continuity plan to be activated and followed in the event of damage or disruption to the systems environment. 

Compliance 

  • GDPR: We comply with the General Data Protection Regulation (GDPR) to ensure your data is handled with the utmost care and privacy. 
  • SOC 2: Katana is proud to have successfully completed a SOC 2 Type II audit by an independent third-party auditor, assuring customers that our security controls have been attested and validated. We are constantly looking for ways to improve not only the security of our product but also how we conduct business on a daily basis. We also use a third-party platform to continuously monitor our SOC 2 compliance status, so that we stay compliant even outside of the audit period.

By implementing these practices and continuously improving our security measures, we aim to provide a safe and secure environment for all our users. Your trust is our top priority. 

Contact Us 

If you have any questions about our security practices or need to report a security issue, please contact our security team at [email protected]