πSafety & Security
Learn about how Sedai prioritizes the security and reliability of autonomous actions, protects customer data, and adheres to compliance standards.
Safety in Operations
Sedaiβs autonomous operations are specifically built to be safer than manual or assisted automated operations. The following safety measures are in place to ensure the security and reliability of autonomous operations, protect customer data, and adhere to compliance standards.
Topology Inference
Sedai regularly refreshes topology data from your cloud to understand applications and their dependencies, as well as categorize them by statefulness or criticality.
Application Profile
Before autonomously executing any action on an application, Sedai assesses its seasonality patterns for approximately one month. The system builds a thorough application profile based on factors such as saturation, latency, errors, and traffic.
Safety Checks
Once Sedai detects an issue or opportunity where it can intervene, it performs a series of safety checks to ensure your cloud's availability remains uncompromised. These checks include:
Analyzing the impact of changes on your system
Assessing the efficacy based on previous similar actions
Identifying the ideal execution time based on seasonality patterns
Validating against other queued actions
Additionally, Sedai checks the broader execution environment to ensure no dependencies are adversely affected (such as making changes within an ECS or Kubernetes cluster).
Sedai safeguards against external threats or runaway conditions through continuous monitoring, which enables the system to verify whether an application experiences reoccurring issues it has previously attempted to remediate. In such cases, the system escalates the issue for human intervention to avoid continuous band-aid solutions.
Safe Execution and Auditing
Once Sedai verifies the need for intervention and successfully completes all safety checks, an action is autonomously executed without negatively impacting availability. All actions and their respective changes are audited and recorded to meet compliance requirements.
Verification and Rollbacks
Every action is verified for accuracy and effectiveness against predefined goals (such as decreasing cost or improving performance). Changes will be reverted if verification and efficacy criteria are not met.
Application Security
Sedai ensures robust data security through encryption at rest and in motion, employing Advanced Encryption Standard (AES) for sensitive data, HTTPS for data transmission, and Hash-based Message Authentication Code (HMAC) for secure messaging. Sedai also utilizes seamless Security Assertion Markup Language (SAML) integration, multi-factor authentication, and secure key management practices.
Data At Rest
Sensitive data is stored encrypted with AES. This prevents data breaches even if the database is exposed to potential threats.
Data In Motion
Sedai employs HTTPS for its API and UI interfaces, ensuring secure data transmission.
Secure Messaging
Sedaiβs bus is secured using HMAC for both producers and consumers. An intruder will never be able to consume or send meaningful messages even if they manage to get access to the bus.
Authentication and Authorization
Sedai offers seamless SAML integration with identity providers, allowing it to operate as a service provider while respecting identity provider roles and access privileges. For non-standard security integration protocols, customers can contact support@sedai.io for additional support.
For SaaS customers, Sedai offers AWS SSO password policies and MFA. For all internal systems managing confidential or customer data in Sedai, MFA is enabled and mandatory.
Encryption and Key Management
Sedai maintains data encryption at rest and in motion. For AWS data at rest, Sedai uses AWS Secrets Manager, which is SOC/HIPAA/FedRamp compliant. This includes encryption of account credentials, customer profiles, and all other sensitive data. With this, Sedai:
Regularly rotates keys
Makes audits secure and easy
Manages keys with fine-grained access
The key for an environment is never checked in. Instead, these are encoded and deployed along with binaries, using Kubernetes default key management framework.
Customer Tenancy
Each Sedai SaaS instance for customers operates within its dedicated tenant, ensuring data isolation and security. No data will be shared across customer instances, and each tenant will host its own microservices, secret stores, relational databases, time series data, and machine learning models.
Contact our team at support@sedai.io with any questions or concerns regarding Sedai safety and security.
Last updated