Product security is of paramount importance at Deepomatic. Deepomatic uses a software development lifecycle in line with general Agile principles. When security effort is applied throughout the Agile release cycle, security oriented software defects are able to be discovered and addressed more rapidly than in longer release cycle development methodologies. Software patches are released as part of our continuous integration process. Patches that can impact end users will be applied as soon as possible but may necessitate end user notification and scheduling a service window.
Deepomatic performs continuous delivery. In this way we are able to respond rapidly to both functional and security issues. In this way, Deepomatic is able to achieve extremely short mean time to resolution for security vulnerabilities and functional issues alike. Deepomatic is continuously improving our DevOps practice in an iterative fashion.
The Deepomatic production infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security related controls for Deepomatic production servers, which includes buildings, locks or keys used on doors, are managed by these CSP’s. “We use multiple physical security layers to protect our data center floors and use technologies like biometric identification, metal detection, cameras, vehicle barriers, and laser-based intrusion detection systems.”
Deepomatic leverages internal services that require transport level security for network access and individually authenticate users by way of a central identity provider and leveraging two factor authentication wherever possible. All Deepomatic employees are encouraged to participate in helping secure our customer data and company assets.