The complete investment data aggregation, analytics and reporting platform
We care about security. If you have any questions or encounter any issues, please contact us.
Landytech is ISO 27001 certified, providing enterprise-grade security for your complete peace of mind. Sesame has been engineered with confidentiality, integrity and availability as core principles.
Our approach to security is grounded in the following core principles:
We prioritize actions based on the potential risk and impact to our organization.
Access is granted at the minimum level necessary for each role, reducing the potential for unauthorized access.
We implement multiple layers of security controls to protect our systems and data.
We proactively minimize the number of vulnerabilities that could be exploited by an attacker.
We ensure that only authorized individuals have access to our systems and data.
Our security measures are not ad-hoc but based on well-defined, documented, and repeatable processes.
Our security practices are designed to be consistently applied across the organization.
We regularly review and update our security practices in response to evolving threats and new learnings.
This certification is a testament to our extensive security measures and risk management strategies. At a time when cybersecurity threats are on the rise, this certification underscores our steadfast dedication to safeguarding our company data, customer information, and other valuable assets.
We are fully compliant with the EU and UK General Data Protection Regulations (GDPR). This means we’re committed to protecting your data and upholding the highest standards of privacy. You can rest assured that your information is safe, secure, and handled with the utmost care.
For information about our security program and relevant documentation, visit the Landytech Trust Centre.
All data in our databases and storage accounts is encrypted with our own customer-managed keys, using AES-256 encryption.
We use TLS 1.2 or higher for all transmitted data.
Encryption keys and secrets are managed in a key vault, which provides centralized, access-controlled storage of encryption keys. It safeguards keys with Hardware Security Modules and offers audit trails for all key usage. Automated tasks such as key rotation are handled by the vault, enhancing key security.
Access to all data is protected by strong Role-Based Access Control, and monitored to detect any unauthorized access.
Sesame is built with a security-first approach to development. We have adopted a DevSecOps approach, where security is integrated at every stage of the pipeline, from planning to public release. Security requirements are considered during the planning phase. The code is tested during development, reviewed before being committed, and tested again before deployment. But our security measures don’t stop when the product goes live. We actively monitor for new vulnerabilities in our libraries and application and conduct regular penetration testing to discover risks that might have been missed previously.
Our goal is to proactively identify vulnerabilities before the code is deployed into production and to continuously monitor for new vulnerabilities in our running applications.
Static Application Security Testing (SAST): We perform continuous testing of our source code and infrastructure provisioning code prior to compilation.
Dynamic Application Security Testing (DAST): We conduct periodic scans of our running applications before they are deployed into production.
Cloud Security Posture Management (CSPM): We continuously scan our cloud infrastructure to identify and mitigate security risks.
Cloud Workload Protection Platform (CWPP): We continuously scan our cloud workloads to identify risks such as misconfigurations and vulnerable libraries, and to detect threats.
Patch management: We adhere to a rigorous patch management practice, ensuring all changes are thoroughly reviewed and tested before deployment. Our well-established patching procedure guarantees the stability and security of our systems. Leveraging Infrastructure as Code (IaC), we deploy all patches systematically and efficiently.
This comprehensive approach to vulnerability scanning underscores our commitment to maintaining the highest standards of security for our platform.
We leverage a centralized Mobile Device Management (MDM) platform to efficiently manage all endpoints, ensuring seamless enforcement of critical security configurations. This comprehensive approach guarantees uniform application and control of essential security measures, including encryption, malware protection, application deployment, and patch management, across the organization.
Access to both company and customer resources is facilitated exclusively through company-issued devices, which are under continuous surveillance to ensure compliance with our stringent security requirements. Connections to cloud resources are made via Bastion and Virtual Private Networks (VPNs).
Our employees are the cornerstone of our security program. Recognizing their vital role, we ensure they receive annual training on general security and data protection. This commitment to continuous learning underscores our dedication to maintaining the highest standards of security.
At Landytech, security is a core priority. Our identity management program is meticulously designed to enforce strict access controls across all company resources and customer data. We adhere to industry best practices, including the principles of least privilege, need-to-know, and separation of duties, ensuring that access is granted only where necessary.
To safeguard our systems, we implement phishing-resistant multi-factor authentication (MFA) and single sign-on (SSO) solutions, enhancing both security and user experience. Access is strictly role-based, ensuring that employees have only the permissions required for their specific responsibilities. Additionally, we maintain secure provisioning and continuous access management, reinforcing our commitment to protecting sensitive information.
Our platform is fortified by robust virtual networks, each meticulously segregated by firewalls and network security groups. We prioritize security and efficiency, maintaining separate environments for development, staging, and production. This segregation ensures isolated testing and deployment, minimising risks and enhancing performance. Our commitment to this structured approach underscores our dedication to providing secure and reliable services.
We are a cloud-based company and physical security is handled by the cloud service provider.
We have robust monitoring of our infrastructure, with data points across identity, network, application and hardware. The logs are collected in our SIEM and correlated to detect and respond to malicious activities and bugs, and to support troubleshooting.
We create products with high availability that cater to the needs of our customers, leveraging the scalability provided by our Cloud Service Provider (CSP).
London Office
52a Cromwell Road
London, SW7 5BE
United Kingdom
Paris Office
140 rue Victor Hugo
92300 Levallois-Perret
France