Crossbeam is hosted on AWS. The AWS data center and network architecture are built to meet the requirements of the most risk-sensitive organizations. AWS makes available SOC 1, SOC 2, and SOC 3 reports, as well as ISO 9001, ISO 27001, ISO 27017, and ISO 27018 certificates, and maintains extensive compliance and security documentation.
Crossbeam uses Auth0 as our authentication layer and we support Google OAuth. Our roadmap includes support for additional SSO solutions, including SAML, and these will be prioritized in future engineering sprints based on client demand.
We encrypt all data at rest and in transit. Data is stored in AWS RDS and encrypted with custom keys from AWS KMS. All database connections use SSL. HSTS (HTTP Strict Transport Security) is enabled so that browsers only ever communicate with Crossbeam over HTTPS.
Database backups are taken as Amazon RDS snapshots, and those snapshots are encrypted using AWS KMS.
We use AWS GuardDuty to continuously monitor and alert us to threats to our internal systems.
Crossbeam performs monthly reviews of software dependencies and upgrades any outdated or vulnerable libraries. Additionally, EC2 instances are rotated on a regular basis to use the latest versions of Ubuntu and Amazon Linux. We also subscribe to US-CERT alerts for critical software security issues.
A third-party security firm conducts manual penetration tests on a quarterly basis.
Crossbeam has two network domains: a DMZ for public HTTP load balancers and bastion servers, and an internal domain for application servers and databases. Each is placed in its own subnets within our AWS VPC. We enforce strict firewall rules at the edges. All firewall (security group) changes are applied via Terraform and are subject to code review by a senior member of the engineering team.
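As an added illustration (not Crossbeam's own Terraform), the following shows how the two-tier layout described above (a DMZ for the load balancer and bastion, an internal tier for application servers and the database) and the encryption-at-rest and SSL-only database settings mentioned earlier could be expressed as reviewable Terraform. Every resource name, CIDR block, variable, instance size and the PostgreSQL version are assumptions chosen for the example; the VPC, subnets and DB password are expected to come from elsewhere.

```hcl
# Added example, not Crossbeam's configuration. VPC, subnet IDs, the
# admin CIDR and the DB password are placeholders supplied by variables.
variable "vpc_id"              { type = string }
variable "internal_subnet_ids" { type = list(string) }
variable "admin_cidr"          { type = string }   # e.g. corporate VPN range
variable "db_password"         { type = string, sensitive = true }

# DMZ tier: the public load balancer accepts HTTPS only from the internet.
resource "aws_security_group" "lb" {
  name   = "dmz-public-lb"
  vpc_id = var.vpc_id
  ingress {
    description = "HTTPS from the internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# DMZ tier: the bastion accepts SSH only from the admin network.
resource "aws_security_group" "bastion" {
  name   = "dmz-bastion"
  vpc_id = var.vpc_id
  ingress {
    description = "SSH from admin network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Internal tier: app servers are reachable only from the LB (HTTP) and the
# bastion (SSH); no CIDR-based ingress, so nothing public can reach them.
resource "aws_security_group" "app" {
  name   = "internal-app"
  vpc_id = var.vpc_id
  ingress {
    description     = "App port from the load balancer"
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.lb.id]
  }
  ingress {
    description     = "SSH from the bastion"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Internal tier: the database accepts PostgreSQL only from the app tier.
resource "aws_security_group" "db" {
  name   = "internal-db"
  vpc_id = var.vpc_id
  ingress {
    description     = "PostgreSQL from app servers only"
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

# Customer-managed KMS key; RDS uses it for the volume and, because
# automated snapshots inherit the instance key, for backups as well.
resource "aws_kms_key" "rds" {
  description         = "CMK for RDS storage and snapshots"
  enable_key_rotation = true
}

resource "aws_db_subnet_group" "internal" {
  name       = "internal-db"
  subnet_ids = var.internal_subnet_ids
}

# rds.force_ssl = 1 rejects non-TLS client connections to PostgreSQL.
resource "aws_db_parameter_group" "force_ssl" {
  name   = "postgres-force-ssl"
  family = "postgres15"          # assumed engine family
  parameter {
    name  = "rds.force_ssl"
    value = "1"
  }
}

resource "aws_db_instance" "main" {
  identifier              = "app-db"
  engine                  = "postgres"
  engine_version          = "15"   # assumed version
  instance_class          = "db.t3.medium"
  allocated_storage       = 100
  username                = "app"
  password                = var.db_password
  db_subnet_group_name    = aws_db_subnet_group.internal.name
  vpc_security_group_ids  = [aws_security_group.db.id]
  parameter_group_name    = aws_db_parameter_group.force_ssl.name
  storage_encrypted       = true
  kms_key_id              = aws_kms_key.rds.arn
  publicly_accessible     = false
  backup_retention_period = 7
  skip_final_snapshot     = false
  final_snapshot_identifier = "app-db-final"
}
```

Two design points are worth checking in review of a change like this: the internal security groups reference other security groups rather than CIDR ranges, so an accidental `0.0.0.0/0` on the app or database tier is immediately visible in the diff; and `storage_encrypted` together with a customer-managed `kms_key_id` is what makes both the live volume and its automated snapshots encrypted under a key the account controls.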