viasocket small logo
Ctrl + K
FAQ
Security and Compliance
Questions
viaSocket – Data Encryption Practices

viaSocket – Data Encryption Practices

At viaSocket.com, we take data security seriously and follow industry best practices to ensure customer data is protected both in transit and at rest.

1. Data Encryption In Transit:

  • We use TLS 1.2/1.3 to encrypt all data transmitted between clients and our servers.

  • All APIs and application endpoints are served over HTTPS with strong cipher suites.

2. Data Encryption At Rest:

  • Customer data stored in our databases is encrypted using AES-256 encryption.

  • Sensitive credentials and secrets are further secured using encryption key management systems provided by our cloud providers (e.g., AWS KMS or equivalent).

3. Secrets and API Keys:

  • We never store plaintext secrets. All API tokens and sensitive information are encrypted before storage.

  • Vaulting and access control policies are in place to restrict sensitive data access.

4. Access Control:

  • We use role-based access control (RBAC) to limit internal access to encrypted data.

  • Data is only accessible by services or personnel with a strict need-to-know basis.

Check out the ISO certificate —

Here

ISO Certificate
Jun 12, 2025

Yes, all changes to the production environment are reviewed by at least two team members. We have dedicated release managers who review and approve every deployment after peer code review, ensuring proper oversight before any changes are applied to production.

Config Management
Jun 12, 2025

Yes, all critical security events in our production environment are comprehensively logged and monitored. This includes:

  • Authentication Events: All user authentication attempts, both successful and failed, are logged via Google Cloud Audit Logs and our integrated identity access management tools.

  • SSH Sessions: SSH access to production systems is tightly restricted and rarely used. When required, all SSH access is logged, and session activity (including commands executed) is recorded using GCP’s logging infrastructure.

  • Privilege Elevations: Any privilege elevation, such as use of sudo or changes to IAM roles and permissions, is automatically tracked through Cloud Audit Logs, ensuring full traceability of administrative actions.

  • Log Access Control: Access to production logs is strictly limited to a small number of authorized personnel. Role-based access controls (RBAC) in GCP ensure that only relevant team members with a legitimate operational need can view or query sensitive logs. All access to logs is itself auditable and monitored.

Logs are securely stored, timestamped, and retained according to our internal policy. They are regularly reviewed and used for security monitoring, incident response, and compliance verification. Anomalies and suspicious events are flagged through our observability stack, which includes Atatus, Cloudflare, and GCP-native monitoring tools.

Logs
Jun 12, 2025

Data exfiltration from production environments is tightly controlled. SSH access to production servers is restricted through IAM-based access control, and only a very limited set of authorized engineers are granted permission. All access is logged and monitored. Additionally, production environments are configured to disallow file extraction or external data transfers, and outbound internet access is disabled by default where not explicitly required. These measures collectively ensure that data movement from production systems is tightly regulated.

Production Data Exfiltration Controls
Jun 12, 2025
© 2024 viaSocket All rights reserved. A product of walkover