Kinnect Security - Exceeding Industry Standards


Earning and maintaining the trust of our users is our highest value and provides the foundation for all decisions we make at Kinnect. This article outlines our focus and commitment to securing your information.

Encryption Controls

End to end: We encrypt the data at the point of creation and only decrypt it at the point of use.

In transit: 100% of data transmitted between users and Kinnect is encrypted via SSL using 2048-bit certificates.

At rest: 100% of data is stored using 256-bit AES encryption.

User-managed keys: Users can add a second layer of encryption by creating private encryption keys, preventing Kinnect or anyone else from viewing users' data.

Other Security Features

Multi-factor authentication

Client-owned encryption keys

Private cloud architecture with dedicated servers

No data secured in any device

Bank-grade 256-bit encryption in transit and at rest

Data stored in Tier-4 data centers (99.995% guaranteed uptime)

Encrypted data transfer & delivery

Automatic session time-out

Back-ups: Point-in-time, daily & weekly

Automated distributions & system fail-safe mechanisms

INFRASTRUCTURE SECURITY OVERVIEW

DATA CENTERS

Kinnect’s physical infrastructure is hosted and managed within Amazon’s secure Tier 4 data centers and uses Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

● ISO 27001

● SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II)

● PCI Level 1

● FISMA Moderate

● Sarbanes-Oxley (SOX)

DATA RELIABILITY & BACKUP

All user data on Kinnect is backed up to prevent data loss. We have the ability to do point-in-time, daily and weekly recovery of our entire database in the event of a system-wide emergency.

PHYSICAL SECURITY

Kinnect utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military-grade perimeter control berms as well as other natural boundary protection.

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

FIRE DETECTION AND SUPPRESSION

Automatic fire detection and suppression equipment has been installed to reduce risk at Amazon facilities. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

POWER

The data center electrical power systems at Amazon are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide backup power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

CLIMATE AND TEMPERATURE CONTROL

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.

MANAGEMENT

Data center staff at Amazon monitor electrical, mechanical and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment. For additional information see: https://aws.amazon.com/security.

DATA SECURITY

APPLICATION DEVELOPMENT

Kinnect follows best practices of application development and prevents common web software attacks. We use modern technologies and consistently update our application framework for newly discovered security vulnerabilities. Our development process includes continuous vulnerability scanning to ensure our team is maintaining this high level of security in our codebase.

END TO END ENCRYPTION (Envelope Encryption)

Kinnect encrypts the data at the point of creation and only decrypts it at the point of use. Kinnect’s envelope encryption protects the user’s data from anyone but the user and their delegates, ensuring the utmost privacy even from the Kinnect team themselves. In addition to complete data security, Kinnect’s envelope encryption ensures data integrity: encrypted data in transit can’t be intercepted and modified during communication. End-to-end encryption significantly reduces exposure in the event of a data breach.

BANK-LEVEL ENCRYPTION

Kinnect traffic runs entirely over 256-bit encrypted SSL (HTTPS). Passwords are hashed using bcrypt with a cost factor of 10 before being stored, and application credentials are kept separate from the database and our code base. Additionally, sensitive data is stored in an encrypted format while at rest.

STANDARD ENCRYPTION KEYS

Kinnect users each get randomly generated encryption keys. These keys are used to add a layer of protection to the user’s data. Kinnect uses an End-to-End Encryption methodology to ensure the highest levels of data protection.

PREMIUM ENCRYPTION KEYS

Kinnect users can supplement their standard encryption keys by adding and managing their own encryption keys. These keys can be applied anywhere the user wants to add an additional layer of protection. Kinnect does not store these keys in our data centers, which prohibits us or potential security threats from decrypting the data where encryption keys have been applied.

TWO-FACTOR AUTHENTICATION

In addition to usernames and passwords, Kinnect users can enter a code from their mobile phone, adding an extra layer of security for their account.

SESSION TIME-OUT

Users of Kinnect are automatically logged out when there’s no activity for a defined period of time.

USER DATA ACCESSIBILITY

By design, Kinnect is unable to view or access user data. The privacy of our users is at the core of Kinnect’s foundation.

INDEPENDENT ARCHITECTURE

Client accounts are owned and managed by clients. Client Kinnect accounts are not owned by the professional or firm. This means that clients have independent control over their own information. This structure reduces potential liability for professional firms, as their clients' data is less accessible to them than in a traditional shared data repository.

EMPLOYEE SECURITY

Every Kinnect employee undergoes rigorous background and security checks before hiring and completes annual security and privacy training to ensure they understand our commitment to keeping member information safe. Employee company applications and devices are centrally managed by a third party, which allows our security team to remove access to business applications at will and remotely freeze or wipe devices as needed. Customer data is hidden at every step in the process so that customer information is never compromised.

SOC 2

Kinnect has undergone a Type II Service Organization Control 2 (SOC 2) examination, resulting in an independent CPA’s report and certification. A SOC 2 Type II report assures you that Kinnect has established and continues to follow strict information security policies and procedures, and provides independent, third-party verification that The Kinnect Company’s operations meet or exceed defined levels of processes and controls for the security of customer data.

Vulnerability & Penetration Testing

At Kinnect, we prioritize the security of our platform and customers' data. To ensure robust protection, we conduct routine vulnerability assessments and penetration testing. Vulnerability testing involves scanning our systems to identify weaknesses, such as outdated software, configuration issues, or other flaws that could be exploited by malicious actors. Penetration testing, on the other hand, simulates real-world cyberattacks, allowing us to actively probe and challenge our defenses in a controlled environment. These proactive measures help us identify and address potential security risks before they can be exploited, ensuring our systems remain continually safeguarded against emerging threats and vulnerabilities. This ongoing commitment to security allows us to maintain a trusted and secure environment for all our users.

