System security in Machnet

January 2, 2023

Susmit Kumar Singh, Engineering

Data and application security is of utmost importance in the Fintech industry. A lot of PII (Personally Identifiable Information) of customers, clients, and other service providers is stored, and this information in the wrong hands can be catastrophic.

At Machnet we follow all the best fintech guidelines and standards to keep our infrastructure, APIs, and database secure. In addition to that, we religiously follow our infrastructure best practices to safeguard our key resources. All of our security-focused activity is guided by our comprehensive enterprise security policy. Our key resources are set up in a private VPC (Virtual Private Cloud) that isn't directly accessible from the internet. The resources can only communicate internally.

We have a load balancer placed at the edge of the VPC for ingress that only allows HTTP and HTTPS requests through the defined ports. All HTTP requests are redirected to HTTPS as well.

We also have a firewall set up at the load balancer that should be able to filter out most malicious requests. A NAT Gateway facilitates outgoing connections from the VPC, and it can disallow unverified connections to the internet as well. A bastion server is also set up on the edge of the VPC that enables engineers to access the resources within the VPC when required.

All applications are containerized and isolated from other systems. Any vulnerability within an application will have minimal effect on other applications and systems. We also maintain continuous backups to multiple regions as part of our DR (disaster recovery) strategy.

Our focus on security extends beyond infrastructure to our API resources as well.

Additional Security Measures at Machnet

  1. Data encryption and tokenization to make sure the data cannot be exposed without the unique decryption keys.
  2. Data encryption at rest and in transit.
  3. Secure application logins are used for accessing our APIs and other front-end applications.
  4. Role-based access control on our front-end applications, like the dashboard, to make sure only relevant information is exposed to a user.
  5. OTP (one-time password) verification when logging in to the front-end applications.

In addition to this, we perform periodic platform testing for any threats. We have a dedicated DevOps team that continuously monitors our system for malicious attacks and threats. And we are always looking for additional measures and tools to continue to improve the security posture of our entire platform.
