Safety & Security
Learn about how Sedai prioritizes the security and reliability of autonomous actions, protects customer data, and adheres to compliance standards.
Sedai’s autonomous operations are specifically built to be safer than manual or assisted automated operations. The following safety measures are in place to ensure the security and reliability of autonomous operations, protect customer data, and adhere to compliance standards.
Sedai regularly refreshes topology data from your cloud to understand applications and their dependencies, as well as categorize them by statefulness or criticality.
Before autonomously executing any action on an application, Sedai assesses its seasonality patterns for approximately one month. The system builds a thorough application profile based on factors such as saturation, latency, errors, and traffic.
Once Sedai detects an issue or opportunity where it can intervene, it performs a series of safety checks to ensure your cloud's availability remains uncompromised. These checks include:
- Analyzing the impact of changes on your system
- Assessing the efficacy based on previous similar actions
- Identifying the ideal execution time based on seasonality patterns
- Validating against other queued actions
Additionally, Sedai checks the broader execution environment to ensure no dependencies are adversely affected (such as making changes within an ECS or Kubernetes cluster).
Sedai safeguards against external threats or runaway conditions through continuous monitoring, which enables the system to verify whether an application experiences recurring issues that it has previously attempted to remediate. In such cases, the system escalates the issue for human intervention to avoid continuous band-aid solutions.
Once Sedai verifies the need for intervention and successfully completes all safety checks, an action is autonomously executed without negatively impacting availability. All actions and their respective changes are audited and recorded to meet compliance requirements.
Every action is verified for accuracy and effectiveness against predefined goals (such as decreasing cost or improving performance). Changes will be reverted if verification and efficacy criteria are not met.
Sedai ensures robust data security through encryption at rest and in motion, employing Advanced Encryption Standard (AES) for sensitive data, HTTPS for data transmission, and Hash-based Message Authentication Code (HMAC) for secure messaging. Sedai also utilizes seamless Security Assertion Markup Language (SAML) integration, multi-factor authentication, and secure key management practices.
Sensitive data is stored encrypted with AES. This prevents data breaches even if the database is exposed to potential threats.
Sedai employs HTTPS for its API and UI interfaces, ensuring secure data transmission.
Sedai’s bus is secured using HMAC for both producers and consumers. Even an intruder who manages to get access to the bus will never be able to consume or send meaningful messages.
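The producer and consumer HMAC check described above, sketched as an added example (this is not Sedai's code). The envelope format, the `produce` and `consume` names, the single shared key and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: producers and consumers hold one secret provisioned out of band.
SHARED_KEY = secrets.token_bytes(32)


def produce(key: bytes, topic: str, payload: dict) -> bytes:
    """Producer side: serialize canonically, then attach an HMAC-SHA256 tag."""
    body = json.dumps({"topic": topic, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"body": body.decode(), "tag": tag}).encode()


def consume(key: bytes, frame: bytes, expected_topic: str):
    """Consumer side: return the payload only if the tag verifies, else None."""
    try:
        envelope = json.loads(frame)
        body = envelope["body"].encode()
        tag = envelope["tag"].encode()
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed frame: drop it before any further parsing
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected, tag):
        return None
    message = json.loads(body)  # parsed only after the tag has verified
    # The topic is inside the signed body, so a valid frame cannot be
    # replayed onto a different topic without invalidating the tag.
    if message.get("topic") != expected_topic:
        return None
    return message["payload"]


if __name__ == "__main__":
    good = produce(SHARED_KEY, "actions", {"op": "scale", "replicas": 3})
    print("valid frame   ->", consume(SHARED_KEY, good, "actions"))

    # Constructed sample: a frame signed by a party that lacks the bus key.
    forged = produce(secrets.token_bytes(32), "actions", {"op": "scale"})
    print("forged frame  ->", consume(SHARED_KEY, forged, "actions"))

    # Constructed sample: a valid frame whose body was altered in transit.
    env = json.loads(good)
    env["body"] = env["body"].replace("3", "30")
    print("altered frame ->", consume(SHARED_KEY, json.dumps(env).encode(), "actions"))
```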
Sedai offers seamless SAML integration with identity providers, allowing it to operate as a service provider while respecting identity provider roles and access privileges. For non-standard security integration protocols, customers can contact Sedai for additional support.
For SaaS customers, Sedai offers AWS SSO password policies and MFA. For all internal systems managing confidential or customer data in Sedai, MFA is enabled and mandatory.
Sedai maintains data encryption at rest and in motion. For AWS data at rest, Sedai uses AWS Secrets Manager, which is SOC/HIPAA/FedRAMP compliant. This includes encryption of account credentials, customer profiles, and all other sensitive data. With this, Sedai:
- Regularly rotates keys
- Makes audits secure and easy
- Manages keys with fine-grained access
The key for an environment is never checked in. Instead, keys are encoded and deployed along with binaries, using Kubernetes' default key management framework.
Each Sedai SaaS instance for customers operates within its dedicated tenant, ensuring data isolation and security. No data will be shared across customer instances, and each tenant will host its own microservices, secret stores, relational databases, time series data, and machine learning models.