Securing the Hakimo Solution

Sagar Honnungar
Chief Technology Officer, Hakimo

At Hakimo, cybersecurity is a core factor in the design of every product feature and initiative. As an artificial intelligence technology solution provider, we incorporate product, infrastructure and employee security best practices into our comprehensive cybersecurity posture. Our information security team constantly strives to reduce risks, build trust and ensure compliance with applicable laws and regulations. Following are some of the measures we take to help ensure the resiliency of our organization and the security of our customers’ data.

Product Security

We believe secure products cannot be built without a standardized and systematic engineering culture. All of our code changes go through a rigorous code review process, and peer approval is required to merge the changes to the main branch or project. We have automated tests and linting checks (automated checks of source code), on every pull request (merging of new code into a project) to catch any potential issues. Hakimo’s engineering team performs a detailed root cause analysis for every security bug. We document them for future reference as well as for educating new engineers. We also engage third-party auditors for penetration testing at least once per year. 

Hakimo has achieved SOC 2 Type I compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations. Achieving this standard with an unqualified opinion serves as third-party industry validation that we provide enterprise-level security for customer’s data secured in the Hakimo system. Our team is currently working toward our SOC 2 Type II compliance. 

Infrastructure Security

We employ a number of measures to protect our infrastructure. Our defense-in-depth approach includes multiple layers of security, making it much more difficult for a would-be attacker to penetrate these layers to break into our system. For critical services like our cloud provider and version control repositories, we require multi-factor authentication. Root access is limited and the principle of least privilege, or limitation of access to only those who need it to do their jobs, is used when provisioning any accounts. Vulnerability scanning and patching of dependencies and other third-party software is performed on a regular basis. Centralized logging helps us in auditing access and in identifying and debugging issues quickly.

Employee Security

In recent times, employees have become the weakest area of the attack surface via social engineering. Therefore, we require Hakimo employees to undergo continuous training on safe usage of digital tools, including how to protect themselves from malicious attacks and follow safe practices on the internet. All employee laptops are standardized with their configuration and managed centrally. Onboarding and offboarding of employees follows a well-defined process and checklist to prevent unauthorized access beyond the employment period. We also use a secure password manager across the company to store passwords.

Security Policies

We have a comprehensive set of well-documented security policies covering the following aspects:

• Business Continuity and Disaster Recovery
• Change Management
• Corporate Ethics
• Customer Support and SLA
• Data Integrity
• Data Retention and Disposal
• Incident Management
• Information Classification
• Information Security
• Key Management and Cryptography
• Network Security
• Employee Security
• Risk Assessment
• Software Development
• Vendor Management
• Vulnerability and Penetration Testing Management
• Workstation and Mobile Device

Hakimo is committed to having best-in-class cybersecurity practices to help ensure the security of our customers’ data. If you’re interested in joining our top-notch information security team, please get in touch at careers [at] hakimo [dot] ai.

‍