Sesame-Enterprise
Sesame Enterprise

The complete investment data aggregation, analytics and reporting platform
Data management icon
Data management
Reporting icon
Report
Analytics icon
Analyse
Monitoring icon
Monitor
Risk management icon
Risk Management
Collaboration icon
Collaborate
Sesame-Data
Sesame Data

Receive aggregated data from all of  your banks
and custodians with one API
Bookkeeping icon
Automated Bookkeeping
Asset owners icon
Asset Owners
Single family offices icon
Single Family Offices

Get a complete picture of wealth across all investments and assets.
Asset owners icon
Asset Owners

Total control across your entire portfolio
Asset manager icons
Asset Managers
Group 121517
Hedge and Mutual Funds

Institutional-grade risk and reporting without the overheads
Group 121516
Platforms and Mancos

Efficiently manage funds with scalable platform solutions
Group 121480
Asset Advisors
Group 121515
Trust Companies

Automated bookkeeping and portfolio monitoring
Group 121518
Multi Family Offices

Coordinate family wealth and intergenerational planning with precision
Partners
Partners
Group 121519
Landytech Partner Portal

Our Partnership ecosystem.
Blog icon
Blog

Get the latest industry insights and
stay on top of your game
Family Office Technology Playbook
Family Office Technology Playbook

Create a more data-driven approach to investment management.

Read more
Guides and research icon
Guides & Research

In-depth research into the most pressing industry challenges
Accuro Case Study
Accuro enhances family office services with Sesame

Hear how Accuro cut reporting preparation time by 80% with Sesame in this case study.

Read more
Events and webinars icon
Webinars

Hear from industry experts on the latest topical issues
Risk as a marketing tool for hedge funds wide
Risk as a marketing tool for hedge funds

Join us on 27th November for this exclusive webinar on risk as a marketing asset for hedge funds.

Read more
Events
Events

The latest Landytech Connect events and industry conferences
Spring Breakfast Briefing
Landytech Connect Breakfast Briefing

Following the success of the Autumn Breakfast Briefing, we're excited to announce we'll be back in Spring 2025. Register your interest now.

Read more
About us icon
About Us

Discover Landytech's mission to revolutionise investment management and our story so far
News icon
Newsroom

Stay updated with the latest breakthroughs and milestones as Landytech leads the way in investment management innovation
Careers icon
Careers

Join our journey of growth and innovation; explore career opportunities that empower you to make a tangible impact

Security

Securing the future of investment management

We care about security. If you have any questions, or encounter any issues, please contact us.

Contact us
illustration_Security
  1. Our approach to security is grounded in the following eight core principles:
    1.  Risk-Based Approach: We prioritize actions based on the potential risk and impact to our organization.
    2. Least Privilege: Access is granted at the minimum level necessary for each role,  reducing the potential for unauthorized access.
    3. Defence in Depth: We implement multiple layers of security controls to protect our systems and data.
    4. Attack Surface Reduction: We proactively minimize the number of vulnerabilities that could be exploited by an attacker.
    5. Secure Identity and Access Management: We ensure that only authorized individuals have access to our systems and data.
    6. Process-Driven: Our security measures are not ad-hoc but based on well-defined, documented, and repeatable processes.
    7. Repeatable: Our security practices are designed to be consistently applied across the organization.
    8. Continuous Improvement: We regularly review and update our security practices in response to evolving threats and new learnings.
  2. Compliance certificates
    1. ISO 27001: This certification is a testament to our extensive security measures and risk management strategies. In a time where cybersecurity threats are on the rise, this certification underscores our steadfast dedication to safeguarding our company data, customer information, and other valuable assets.
    2. GDPR: We are fully compliant with the EU and UK General Data Protection Regulations (GDPR). This means we’re committed to protecting your data and upholding the highest standards of privacy. You can rest assured that your information is safe, secure, and handled with utmost care.
  3. Data protection
    1. Data at rest: All data in our databases and storage accounts are encrypted with our own customer managed keys, using AES-256 encryption
    2. Data in transit: We use TLS 1.2 or higher for all transmitted data.
    3. Secret management: Encryption keys and secrets are managed by a key Vault. It is for secure key management, providing centralized, access-controlled storage of encryption keys. It safeguards keys with Hardware Security Modules and offers audit trails for all key usage. Automated tasks like key rotation are handled, enhancing key security.
    4. Access to all data is protected by strong Role-Based Access Control, and monitored to detect any unauthorized access.
  4. Product Security
    Sesame is built with a security-first approach to development. We have adopted a DevSecOps approach, where security is integrated at every stage of the pipeline, from planning to public release. Security requirements are considered during the planning phase. The code is tested during development, reviewed before being committed, and tested again before deployment. But our security measures don’t stop when the product goes live. We actively monitor for new vulnerabilities in our libraries and application and conduct regular penetration testing to discover risks that might have been missed previously.
  5. Vulnerability scanning
    Our goal is to proactively identify vulnerabilities before the code is deployed into production and to continuously monitor for new vulnerabilities in our running applications.
    1. Static Application Security Testing (SAST): We perform continuous testing of our source code and infrastructure provisioning code prior to compilation.
    2. Dynamic Application Security Testing (DAST): We conduct periodic scans of our running applications before they are deployed into production.
    3. Cloud Security Posture Management (CSPM): We continuously scan our cloud infrastructure to identify and mitigate security risks.
    4. Cloud Workload Protection Platform (CWPP): We continuously scan our cloud workloads to identify risks such as misconfigurations and vulnerable libraries, and to detect threats.
    This comprehensive approach to vulnerability scanning underscores our commitment to maintaining the highest standards of security for our platform.
  6. Enterprise security
    We utilize a central Mobile Device Management tool, to manage all endpoints effectively. This central management ensures that critical security configurations, including encryption, malware protection, application deployment, and patching, are uniformly applied and controlled.
  7. Secure remote access
    Access to both company and customer resources is facilitated exclusively through company-issued devices, which are under continuous surveillance to ensure compliance with our stringent security requirements. Connections to cloud resources are done via Bastion and VPN.
  8. Security education
    Our employees are the cornerstone of our security program. Recognizing their vital role, we ensure they receive annual training on general security and data protection. This commitment to continuous learning underscores our dedication to maintaining the highest standards of security.
  9. Identity and access management
    At Landytech, we take security seriously. Our identity management program is designed with the utmost care to ensure that access to all company resources and customer data is strictly controlled. We adhere to the principles of ‘least privilege’, ‘need to know’, and ‘separation of duties’. This means we’re meticulous about who has access to what.
    We employ a range of robust security measures. These include phishing-resistant multi-factor authentication and single sign-on systems for both simplicity and enhanced security. Access is role-based, ensuring individuals only have the permissions they need for their specific role. Furthermore, we prioritize secure provisioning and maintenance.
  10. Network security
    Our platform is fortified by robust virtual networks, each meticulously segregated by firewalls and network security groups. We prioritize security and efficiency, maintaining separate environments for development, staging, and production. This segregation ensures isolated testing and deployment, minimising risks and enhancing performance. Our commitment to this structured approach underscores our dedication to providing secure and reliable services.
  11. Patch management
    We adhere to a rigorous patch management practice, ensuring all changes are thoroughly reviewed and tested before deployment. Our well-established patching procedure guarantees the stability and security of our systems. Leveraging Infrastructure as Code (IaC), we deploy all patches systematically and efficiently.
  12. Physical security
    We are a cloud-based company and physical security is handled by the cloud service provider.
  13. Monitoring
    We have robust monitoring of our infrastructure, with data points across identity, network, application and hardware. The logs are collected in our SIEM, and correlated for detection and response to malicious activities, bugs, and for troubleshooting.
  14. Availability
    We create products with high availability that cater to the needs of our customers, leveraging the scalability provided by our Cloud Service Provider (CSP).
Product security

Sesame's security capabilities

Explore how Sesame gives you granular tools to protect your team and data.

image 12
Learn More
×