Security & Privacy at Kinesis Cloud
Our commitment to your data and workloads.
Introduction
At Kinesis Cloud, we take the security and privacy of our customers’ workloads very seriously. Our platform is designed from the ground up to safeguard containerized applications across datacenters, clouds, and even customer-owned infrastructure.
This document provides an overview of our security posture and the measures we take to protect customer environments.
1. Infrastructure Security
Trusted Datacenter Providers
We source compute and network capacity from reputable operators including AWS, Google Cloud, OVH, Hyperstack, and others. These providers maintain their own certifications (e.g., SOC 2, ISO/IEC 27001) and enforce strong physical and operational controls.
Multi-Datacenter Architecture
Our platform spans multiple facilities and providers, ensuring redundancy and resiliency. This geographic diversity minimizes single-point-of-failure risks.
Customer-Owned Infrastructure
Customers may also connect their own machines to the Kinesis Cloud control plane. In those cases, physical and local infrastructure security remains the customer’s responsibility.
2. Network & Transport Security
Encrypted Connections
All communications are encrypted using TLS/SSL. Node-to-node and inter-datacenter communication runs over WireGuard VPN tunnels with modern cryptography.
Segmentation & Isolation
Customer workloads are logically isolated at both the network and orchestration layers.
Resilient Gateways
Proven technologies such as HAProxy and Nginx provide TLS termination, traffic management, and high-availability load balancing.
3. Platform & Container Security
Container Runtime
Workloads run on Docker, hardened with additional controls and monitoring.
Host Hardening & Updates
We standardize on Ubuntu LTS, with hardened configurations and a strict patching process. Regular updates ensure that all nodes are “up to snuff” with the latest security fixes.
Automatic Failover
In case of server or datacenter disruption, workloads automatically reschedule to healthy environments.
Customer Images
Customers control the content of their containers. We encourage best practices such as signed images, vulnerability scanning, and minimal base layers.
4. Application & Data Layer
Backend Stack
Our control plane and services are built with robust, industry-standard languages such as C# and Go, chosen for performance, reliability, and maintainability.
Database Security
We use MongoDB Atlas, a fully managed service that maintains the recommended release level, provides automated patching, and includes built-in encryption and backups.
Encryption at Rest & in Transit
All sensitive data is encrypted at rest and protected in transit with TLS.
5. Data Protection & Privacy
Customer Data Ownership
Customers retain full ownership of their images, data, and workloads. Kinesis Cloud does not access application data except when explicitly required for support.
Minimal Metadata Collection
We collect only the telemetry required to operate and improve the platform. Logs and control plane data are retained only as long as necessary.
Privacy by Design
Our architecture minimizes unnecessary exposure of customer information and adheres to industry best practices.
6. Monitoring & Operations
Continuous Monitoring
Our systems continuously track cluster health, network integrity, and anomalies.
Incident Response
A documented incident response process ensures rapid isolation, remediation, and transparent communication.
Proactive Patching
All critical components — Ubuntu, WireGuard, HAProxy, Nginx, Docker, MongoDB Atlas — are patched promptly and systematically.
7. Leadership & Expertise
Experienced Team
Kinesis Cloud is led by industry veterans with backgrounds at AWS, Microsoft, Meta, Mozilla, and IBM. Many bring direct security expertise, shaping our policies and practices from day one.
Culture of Security
Security is integrated into our development lifecycle and operational playbooks, not treated as an afterthought.
8. Shared Responsibility
Security in the cloud is a shared responsibility:
Kinesis Cloud secures the orchestration system, control plane, networking fabric, and infrastructure we provide.
Customers secure their images, application code, secrets, and any infrastructure they connect to our control plane.
9. Compliance Alignment
While we are in the process of pursuing formal certifications, our controls align with globally recognized standards:
ISO/IEC 27001 (Information Security Management)
SOC 2 (Trust Services Criteria)
CSA STAR (Cloud Security Alliance) best practices
We can provide additional documentation to support customer audits and due diligence.
10. Commitment to Transparency
We believe security depends on trust and openness. We are committed to:
Publishing clear documentation of our controls.
Engaging directly with customers during security reviews.
Continuously improving our posture as threats evolve.