Security

Security is a top priority for the Knovvu platform. The architecture and operational processes are designed to ensure strong protection of data, applications, and infrastructure at every layer.

Shared Responsibility with AWS

Knovvu products run on Amazon Web Services (AWS), where security is governed by a shared responsibility model:

  • AWS is responsible for securing the AWS Cloud itself, including:

    • Physical security of data centers
    • Hardware, software, and networking infrastructure
    • Redundant power, cooling, and connectivity
  • Sestek is responsible for securing everything deployed in the cloud, such as:

    • Knovvu applications and services
    • Customer data
    • Access controls and configurations

This model ensures a clear separation of responsibilities while maintaining high security standards.

Data Protection: Encryption at Rest and in Transit

Data is encrypted both at rest and in transit using industry-standard protocols:

  • AES-256 for encryption at rest
  • TLS 1.2 for encryption in transit

This covers object storage and databases. External services enforce HTTPS, providing encryption and server authentication.

DevSecOps Approach: Security in CI/CD

Sestek follows a DevSecOps model, integrating security into the software delivery lifecycle:

  • Automated vulnerability scanning for every build
  • Auto-remediation workflows that update vulnerable dependencies
  • Automated testing to validate that updates do not break functionality

This approach ensures that potential security issues are caught early and resolved proactively.

AWS Security Services

Knovvu uses a combination of AWS-managed security services to provide real-time threat detection and response:

  • IAM (Identity and Access Management) – Enforces least-privilege access and temporary roles for secure operations
  • AWS KMS (Key Management Service) – Creates and controls encryption keys; keys never leave KMS unencrypted
  • AWS CloudTrail – Provides detailed logging of all API calls for audit and compliance purposes

Network-Level Protection

  • VPC Isolation – Knovvu resources are deployed in isolated virtual networks
  • Security Groups – Strictly control inbound and outbound traffic
  • Policy-Driven Security – Enforces S3 bucket policies and default-deny security groups, and prevents misconfigurations

Regular Penetration Testing and Security Audits

Third-party penetration tests and audits are conducted regularly to ensure that Knovvu’s security measures remain effective and aligned with emerging threats. Vulnerabilities are prioritized and remediated promptly.

Certifications and Compliance

Knovvu and Sestek maintain the following certifications and compliance standards. For more information, refer to https://docs.knovvu.com/docs/sestek-cloud-security-statement#certification.