At Overcyte, we recognise that the adoption of cloud-native solutions brings both enhanced capabilities and new security challenges. Our mission is to deliver a cyber resilience platform that our customers can trust implicitly. Security is not an afterthought; it's a foundational element woven into every aspect of our operations, from product design to daily practices.
We employ a risk-based approach to our Information Security Management System (ISMS), focusing on identifying, assessing, and mitigating vulnerabilities and threats to our information assets. This proactive stance ensures the confidentiality, integrity, and availability of data entrusted to us.
Security is embedded into every layer of our platform:
• Application Architecture: Our applications are designed with multi-tenancy isolation, ensuring that customer data is segregated and protected.
• Infrastructure: We utilise containerised environments and serverless functions to minimise attack surfaces and enhance scalability.
• Data Storage: All data is encrypted at rest and in transit using industry-standard encryption protocols. Every customer has a dedicated database.
• Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced across all systems.
We are committed to safeguarding customer data:
• Data Minimisation: We collect only the data necessary to provide our services, adhering to the principle of least privilege.
• Data Retention: Data is retained in accordance with defined lifecycle policies and is securely deleted upon request or at the end of its retention period.
• Privacy Compliance: Our practices align with global privacy regulations, ensuring transparency and control over personal data.
• Data Storage Location: During our onboarding process, customers can choose to store their data in one of the following locations: AU, UK, and USA.