---
title: "Security"
slug: "cloud-platform-security"
updated: 2026-03-05T12:52:54Z
published: 2026-03-05T12:52:54Z
canonical: "docs.knovvu.com/cloud-platform-security"
---

# Security

| Document Number | Revision Number | Revision Date |
| --- | --- | --- |
| KN. GU.45.EN | Rev7 | 05.03.2026 |

Security is a top priority for the Knovvu platform. The architecture and operational processes are designed to ensure strong protection of data, applications, and infrastructure at every layer.

### Shared Responsibility with AWS

Knovvu products run on Amazon Web Services (AWS), where security is governed by a shared responsibility model:

- AWS is responsible for securing the AWS Cloud itself, including:
  - Physical security of data centers
  - Hardware, software, and networking infrastructure
  - Redundant power, cooling, and connectivity

- Sestek is responsible for securing everything deployed in the cloud, such as:
  - Knovvu applications and services
  - Customer data
  - Access controls and configurations

This model ensures a clear separation of responsibilities while maintaining high security standards.

### Data Protection: Encryption at Rest and in Transit

Data is encrypted both **at rest** and **in transit** using industry-standard protocols:

- AES-256 for encryption at rest
- TLS 1.2 for encryption in transit

This covers object storage and databases. External services enforce HTTPS, providing encryption and server authentication.

### DevSecOps Approach: Security in CI/CD

Sestek follows a DevSecOps model, integrating security into the software delivery lifecycle:

- Automated vulnerability scanning for every build
- Auto-remediation workflows that update vulnerable dependencies
- Automated testing to validate updates do not break functionality

This approach ensures that potential security issues are caught early and resolved proactively.

### AWS Security Services

Knovvu uses a combination of AWS-managed security services to provide real-time threat detection and response:

- IAM (Identity and Access Management) – Enforces least-privilege access and temporary roles for secure operations
- AWS KMS (Key Management Service) – Creates and controls encryption keys; keys never leave KMS unencrypted
- AWS CloudTrail – Provides detailed logging of all API calls for audit and compliance purposes

### Network-Level Protection

- VPC Isolation – Knovvu resources are deployed in isolated virtual networks
- Security Groups – Strictly control inbound and outbound traffic
- Policy-Driven Security – Enforces S3 bucket policies and default-deny security groups, and prevents misconfigurations

## Regular Penetration Testing and Security Audits

Third-party penetration tests and audits are conducted regularly to ensure that Knovvu’s security measures remain effective and aligned with emerging threats. Vulnerabilities are prioritized and remediated promptly.

## Certifications and Compliance

Knovvu and Sestek maintain the following certifications and compliance standards. For more information, refer to [https://docs.knovvu.com/docs/sestek-cloud-security-statement#certification](https://docs.knovvu.com/docs/sestek-cloud-security-statement#certification).
