Engineering XTRD’s Fort Knox of Authentication
When it comes to cybersecurity, especially in the digital asset industry, there is no room for compromises!
Of course, this is a very hot topic and it’s always easy to talk about it rather than implement it in practice. These are additional procedures to follow, extra techniques to use, more people to hire. We built our systems taking into account the hostile environment where we will operate. Here is a brief overview of what XTRD does in order to protect our clients’ digital assets.
Restricted access. Our servers are not available over the public internet. In order to trade, clients have to cross-connect with XTRD within Equinix IBX data centers. Another option is to set up a VPN tunnel. In both cases, we know who the customer is.
Isolated environment for clients. Each client runs their operations within an isolated network segment invisible to other participants. This isolation is controlled by hardware and software layers.
Components separation. XTRD is built as a modular system (different data buses, routing components, data normalization farm, streamers, databases, monitoring, journaling, and so on) where components are separated by firewalls (if required by business logic). Each component can access only very specific IP addresses and ports. And, of course, no access to the operating environment is available over the public Internet!
Data encryption. Despite the fact that components are isolated and covered by firewalls, they “talk” to each other only through encrypted channels. Even internally. That’s the rule!
No sensitive information stored as a plain text. We deal with passwords, keys, and other forms of client’s credentials. This information is never stored unencrypted. API calls (yes, we do have REST API for accounts management) never return real data. Logs/journal records are scrambled to avoid unexpected leaks.
Protected from people’s failure. XTRD uses techniques similar to launch sequences on nuclear submarines – in order to start the system, it required a combined effort of several people. So in case of an unlikely event when one part of the key was compromised, it’s still not enough to obtain access – analogous to a multi-signature wallet concept.
Authentications and authorization. The majority of XTRD resources require authentication prior to obtaining access. In addition, access to certain resources is limited by a role-based authorization system.
Journaling and monitoring. All events, big and small, are carefully monitored and added into a journal. We know who was doing what and when. Of course, this information is carefully stored and backed up via tape on separate geographically distant servers.
XTRD has many more secure controls but we are keeping some of our secrets!
Let us know if you would like to try our services with a no-cost, no-obligation trial period!