Our Commitment to Your Security
At Whiparound, protecting your data is our highest priority. We have built our platform on a modern security architecture designed to meet and exceed industry standards, including our ISO 27001 certification. This article explains our approach to Zero Trust security, a framework that ensures your information is protected by multiple layers of advanced security controls.
What is Zero Trust?
The core principle of a Zero Trust security model is simple: “never trust, always verify.”
This means that no user or device is trusted by default, even if they are connected to a familiar network. Instead, every single request to access data must be strictly authenticated and authorized. It is a proactive approach that moves beyond traditional network-based security to focus on what matters most: ensuring only the right people have access to the right information at the right time.
Our Identity-First Approach to Security
The foundation of our Zero Trust policy is identity. We believe that verifying the identity of every user is the most effective way to secure a modern, cloud-based application.
Robust Authentication: We use industry-leading standards like OAuth 2.0 and offer enterprise-grade Single Sign-On (SSO) with SAML and OIDC. This ensures that every user is who they say they are before they can access the Whiparound platform.
Flexible and Secure Access: This identity-first approach provides strong security while giving your team the flexibility to work securely from anywhere, on any device. It is the same modern approach used by major SaaS providers like Salesforce and Microsoft 365.
Defense in Depth: A Multi-Layered Strategy
Our identity controls are the core of a wider “defense in depth” strategy. We do not rely on a single security measure. Instead, we protect your data with multiple layers of defense.
Application Security: We use an AWS Web Application Firewall (WAF) to provide real-time protection against common threats like SQL injection and cross-site scripting.
Data Encryption: Your data is fully encrypted at all times. We use TLS 1.3 to secure data when it is in transit and powerful AES-256 encryption when it is at rest in our databases and file storage.
Network Controls: As an additional layer of proactive defense, we implement network-level controls. We primarily allow access from the United States, Australia, and New Zealand, while actively blocking traffic from countries known for high levels of malicious activity. We maintain the flexibility to allow specific access from other regions on a case-by-case basis if required.
Continuous Monitoring: Our systems are monitored around the clock to detect and respond to any potential threats.
This comprehensive security strategy, combining identity-first principles with multiple layers of defense, ensures the integrity and protection of your data on the Whip Around platform.