Cell Annotation Service (CAS) Security

Last Modified: September 23, 2024

Effective Date: September 23, 2024

CAS leverages Google Cloud Platform (GCP) as our cloud service provider, which has extensive compliance certifications and physical security. CAS is provided as-is, and your use of CAS is at your own risk.

1. Infrastructure Security

Network Protection. Our network is protected through the use of GCP security services, regular internal assessment, and threat intelligence technologies, which monitor and/or block known malicious traffic and network attacks.

Architecture. Our network security architecture relies on the built-in logical separation of GCP. Little of our infrastructure is exposed to the Internet. We utilize GCP’s Load Balancers as an entry point to the API service and all communication from the API service is performed in a virtual private network. We use Cloud Run and Vertex AI infrastructure to minimize VM and network exposure and rely on GCP’s own threat detection to keep those safe.

Intrusion Detection and Prevention. Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.

Security Incident Response. In case of a system alert, events are escalated to our team providing Operations coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

2. Encryption

Encryption in Transit. All communications with CAS are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public and private networks.

Encryption at Rest. Service Data is encrypted at rest in GCP.

3. Availability

Disaster Recovery. Our Disaster Recovery (DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.

4. Application Security

Framework Security Controls. CAS leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to attacks like SQL Injection (SQLi), among others.

Quality Assurance. All code is reviewed by humans with machine assistance. Code is tested with unit and integration tests.

5. Vulnerability Management

Static Code Analysis. The source code repositories are scanned for security issues via our integrated static analysis tooling.

Dependency Analysis. All source code dependencies are scanned for known vulnerabilities, including their own dependencies.
