Security

Built secure. Proven secure.

Security is built into every layer of Kanonika — how data is encrypted, how every action is authorized and signed, and how each change is verified and recorded. Here are the controls in place today.

Data security

  • Encryption at rest — AES-256 via AWS KMS, with separate customer-managed keys per service and automatic key rotation.
  • Encryption in transit — TLS 1.3 on a mutually authenticated control channel, verified against our private certificate authority.
  • Customer data is tenant-isolated; we don't sell it or use it to train shared models.

Tamper-proof evidence

  • Every detection, decision, and change is written to a hash-chained, tamper-evident ledger.
  • The ledger is anchored in Amazon S3 Object Lock (WORM) with 7-year immutable retention.
  • Point-in-time evidence exports — auditors get a verifiable record, not a screenshot scramble.
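
To illustrate why a hash-chained ledger is paired with an immutable anchor, the sketch below is an added example, not Kanonika's code: it shows that chaining alone catches in-place edits, while a full rewrite or a truncated tail is only caught against a checkpoint held in write-once storage. The record layout, `GENESIS` value, and `(length, head_hash)` anchor format are assumptions made for the illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed value chained into the first entry

def entry_hash(prev_hash, payload):
    # Canonical JSON so identical payloads always hash identically.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(ledger, payload):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"payload": payload, "hash": entry_hash(prev, payload)})

def verify(ledger, anchor=None):
    """Return (ok, reason); anchor is (length >= 1, head_hash) from immutable storage."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry_hash(prev, entry["payload"]) != entry["hash"]:
            return False, f"entry {i}: hash mismatch"
        prev = entry["hash"]
    if anchor:
        length, head = anchor
        if len(ledger) < length or ledger[length - 1]["hash"] != head:
            return False, "does not match anchored checkpoint"
    return True, "ok"

# Constructed sample records, not real ledger data.
SAMPLE = [{"type": "detection", "detail": "constructed finding"},
          {"type": "decision", "decision": "approved"},
          {"type": "change", "detail": "constructed change"}]

def demo():
    ledger = []
    for payload in SAMPLE:
        append(ledger, payload)
    anchor = (len(ledger), ledger[-1]["hash"])  # what WORM storage would hold
    edited = copy.deepcopy(ledger)
    edited[1]["payload"]["decision"] = "rejected"  # edit, hashes left stale
    rewritten = []  # same edit with every hash recomputed
    for entry in edited:
        append(rewritten, entry["payload"])
    return {"edited": verify(edited),
            "rewritten": verify(rewritten),
            "rewritten_anchored": verify(rewritten, anchor),
            "truncated": verify(ledger[:-1]),
            "truncated_anchored": verify(ledger[:-1], anchor),
            "clean": verify(ledger, anchor)}
```

When reviewing evidence exports, the point to check is that the verifier compares the chain head against a value it obtained independently of the ledger copy it was handed.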

Processing integrity

  • Every remediation job is cryptographically signed (KMS ECDSA P-256) and verified by the executing agent before it runs.
  • Non-destructive execution constraints with reversibility classification — risky changes require explicit acknowledgement.
  • Closed-loop verification: an authoritative re-scan confirms each fix (patent-pending).

Access & isolation

  • Portal-validated, tenant-scoped access tokens — no “any token” acceptance.
  • Role-based access control across operator, approver, analyst, and viewer roles.
  • Every data query is scoped to the tenant as its first condition.

Operational security

  • VPC flow logging for network-level audit and forensics.
  • KMS-encrypted log storage with retention controls; secrets are redacted from logs.
  • Backups and recoverability — DynamoDB point-in-time recovery and S3 versioning.

Compliance posture

  • Built to the SOC 2 Trust Services Criteria, with a TSC-mapped internal control program.
  • 576 control mappings across CIS Controls v8.1, NIST 800-53 Rev 5, ISO 27001:2022, and SOC 2.
  • Continuous, framework-mapped evidence of control state over time.

Need detail for your security review?

We share control documentation and evidence under NDA.