Protecting your trust

We value the trust our customers place in our service. From developing our software to delivering the service to our customers, security is designed into every element of the network. Every team member at Nile is required to follow mandatory security practices to ensure our customers are not affected by human risk. Our Security Team leads the service with continuous security programs and practices like frequent penetration testing, vulnerability assessments, and least-privilege access controls. As part of our commitment to security and transparency, we actively work with our partners and customers to share our process so they can participate in helping improve our service for all.

People

We believe security starts and ends with people. In addition to leveraging automation as often and as much as possible, eliminating complexity and simplifying where we can, the human element needs to also be secured. That’s why Nile has developed a customer-centric culture with a security-first mindset.

Security Training

First, we’ve made it extremely easy for engineers and other employees to raise security concerns and awareness. All of our employees are required to go through recurring security training. We also have processes to ensure employees practice safe security and detect when they deviate from normal behaviors.

Security Operations Center

In addition to our internal team monitoring the Nile service 24/7, Nile partners with highly qualified managed security service providers (MSSP) for extra security protection for our customers.
We have provisions and processes in place to work with customers in case of an incident or when unusual behavior is detected. Within our Security Operations Center (SOC), our analysts regularly test our security processes to ensure that best practices are followed. Our security processes utilize automation with human monitoring to ensure accuracy and reduce risk.

Application Access

Our team empowers us to deliver first-class experiences to our customers. In order to protect our customers, the Nile Security Team uses a proactive recertification process to continuously review our external access posture and ensure that only the right resources will have the right access at the right time.

Internal Access

Applying the principle of least privilege, users are given only the minimum permissions necessary to fulfill their responsibilities. Access control is reviewed regularly, in addition to unusual behavior detection.

Cloud Infrastructure

Like each element of the Nile network, Nile’s Cloud Infrastructure is built with a security-first mindset and is designed to secure, encrypt, and protect our customers’ data.

Traffic Encryption

Nile provides complete encryption from and to our cloud via HTTPS with Mutual Authentication. This ensures our customer information is protected from snooping and protects the integrity of our customer’s data.

Microservice Security

Nile’s service is composed of different microservices, designed to be agile. From building to packaging these microservices, we follow industry best practices to secure them and continuously monitor them to detect unusual activities quickly. We’ve created an agile and secure methodology for our CI/CD. For example, our team continuously scans for dependencies and ensures that the image repositories we use are secure. We use HTTPS for communications between microservices.

Protect Data in Transit and at Rest

Nile believes our customers should have a high level of confidence in our commitment to security and privacy when using our service. Customers’ data is kept to a minimum for troubleshooting purposes and is compliant with industry standards. All data is fully encrypted as part of our security design using widely accepted encryption standards like Advanced Encryption Standard (AES) and schemes like AES-GCM-SIV.

Cloud Console Access

Nile’s cloud console is kept to least-privileged access and is highly monitored for unusual activities. Resources with access to our cloud console have to use MFA to access the console, and their access is restricted to a set time with auto disconnect. In addition, all authentications are required to go through our SSO system.

Tenant Isolation

Isolating tenants to ensure data integrity, security, and privacy is VERY important to us. Our strategy centers around the individual tenant’s identity and other constructs to guarantee tenant isolation. Every service uses the tenant scoping context for all interactions.

Secure Software Development Lifecycle

Security is built in from Day 0 with Nile’s Software Development Lifecycle (SDLC). From threat modeling to secure coding and review practices, Nile has created the software that runs our internal and external services with security in mind.

Development

Development of our software is designed with security from the beginning. We do not outsource any of our development and adopt industry best practices for agile development. Development of our platform is only performed by engineers who have gone through our Secure Software Development guidelines; these include:

Threat Modeling

Examining applications and their interactions (both internal and external) through the lens of security.

Static Code Analysis

Automatic security scanning is built into our CI/CD pipeline to identify Software Supply Chain vulnerabilities. Our developers understand open source software (OSS) can have vulnerabilities, so we have strict guidelines on which to choose while maximizing customer experience and performance. These guidelines are constantly reviewed and updated to ensure modern techniques and practices are used.

Image & Application Scanning

A multi-stage, multi-tool approach is used to identify vulnerabilities in packages in our images before they are deployed. Additionally, continuous application scans are conducted to detect issues and misconfigurations.

Vulnerability Management

As another important part of our security strategy, we’ve incorporated well-known tools to quickly and accurately give contextual information necessary to identify vulnerabilities.

Our team has developed a systematic approach to handling these vulnerabilities, from the time they are identified to raising tickets with engineering and deploying the patch.

Penetration Testing

Nile performs penetration testing regularly in-house and uses highly qualified 3rd party penetration testers.

As part of our commitment to being transparent, we always share the penetration testing summary results when engaging with our customers.

IT Tools and Applications

Nile uses multiple tools and applications within the company. We understand that these tools and applications can be vulnerable to attackers looking for a way into our network. As such, we’ve created multiple processes within our strategy to ensure that the Nile service has not been compromised and customers’ data remains secured, encrypted, and protected.

Separation of Duties (SOD) and Least Privilege Access

Least-privilege access is applied to all of our IT tools and applications. We have an access review program that frequently checks each user’s permissions to ensure they are given only the minimum access required to perform their duties.

Multi-level approvals are applied by raising tickets to ensure separation of duties.

MFA Everywhere

All employees must use multi-factor authentication (MFA) to log into our applications and services.

Vendor Management

We apply stringent security requirements, using questionnaires on a vendor’s security practices; feature support such as SSO and role-based access control is mandated for all 3rd party applications. These processes are closely followed every time a new application is onboarded.

Compliance & privacy

Compliance and Certification

SOC Type II

The SOC 2 Type II is the gold standard for describing the security controls of cloud service providers. It provides a tremendous amount of detail about the security controls in place within an organization. It also includes the checks that an auditor applies to validate those controls have been in place over an audited time period. If you are interested in viewing Nile’s SOC 2 report, please contact our team for a copy.

SOC Type II

ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

STAR registry listing for Nile Service

CSA Level 1

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.

Wi-Fi Cert.

White Papers

Read our compliance white papers to understand how Nile does compliance for well-known standards:

For financial organizations or organizations dealing with sensitive financial information

Privacy

Nile has applied privacy by design and privacy by default principles in its services right from the get go.

From Day 0:

Nile constantly ensures that we collect only the minimum data necessary to support our service.

We require the customer’s explicit consent before accessing customer data during support or debugging. All such access is recorded and made available to customers in audit logs within their Nile Portal.

We have built and continuously developed a security-first mindset with strict training within the organization on how to deal with customer data (e.g. PII information).

Connect with us

Have a security question or feedback? Connect with us!

Nile takes security very seriously. Our reputation depends on it. Our Information Security Team is always available to assist with any security questions you may have.

Have feedback? Connect and share your thoughts. We would love to hear from you!

Compliance & security questions

Privacy questions


Notice unusual activities?