Security and Compliance

Security and Compliance Architecture

We maintain a security-first environment by integrating advanced technical controls with rigorous independent auditing. Our infrastructure is designed to provide high availability while ensuring complete isolation of customer data.

Perimeter Defence and Application Security

We employ multiple layers of defence to protect our applications and APIs from external threats.

  • Web Application Firewall (WAF)

    We utilize AWS WAF to monitor and filter incoming traffic. Our WAF configurations are specifically tuned to cover the OWASP Top 10 vulnerabilities, providing proactive protection against injection attacks, cross-site scripting (XSS), and broken access control.

  • DDoS Protection

    Our platform leverages AWS Shield for always-on detection and automatic inline mitigations. This ensures that volumetric attacks at Layers 3 and 4 are neutralized before they can impact service availability.

  • Edge Security

    By utilizing a distributed global edge network, we minimize latency while ensuring that security inspections occur as close to the source of traffic as possible.

Managed AI Privacy Layer

Our AI analytical features are powered by our custom application embedded in Azure AI Foundry, architected for enterprise-grade data privacy.

  • Complete Data Isolation

    All AI processing is contained within our private tenant. Your data is never sent to OpenAI, Anthropic, or other third-party providers for model training or improvement.

  • In-Network Processing

    We maintain a “Zero Leakage” policy. Data remains within our secure network boundaries during inference, ensuring that proprietary information is never exposed to public AI models.

High Availability and Cloud Infrastructure

Hosted on Amazon Web Services (AWS), our architecture is built for resilience and 24/7 reliability.

  • Multi-AZ Redundancy

    We deploy across multiple AWS Availability Zones. In the event of a localized data centre failure, our systems automatically failover to healthy instances to maintain uninterrupted service.

  • Automated Scaling

    Our infrastructure is designed to scale dynamically with demand, preventing performance degradation during high-traffic periods.

  • Encrypted Storage

    All data is encrypted at rest using AES-256, with encryption keys managed through AWS Key Management Service (KMS), and in transit via TLS 1.2 or higher.

Continuous Verification and Testing

We verify our defences continuously through automated and manual testing.

  • Automated System Alerts

    Our environment is monitored 24/7. Automated alerting systems notify our security team in real time of any infrastructure anomalies, unauthorized access attempts, or configuration drift.

  • Third-Party Penetration Testing

    We engage independent, certified security firms to conduct annual penetration tests. These tests follow a grey-box methodology to simulate real-world attacks against our web applications, APIs, and cloud configurations.

  • Automated Security Scanning

    We integrate automated vulnerability scanning directly into our CI/CD pipeline. Every code deployment is checked for known vulnerabilities and misconfigurations before it reaches production.

Compliance and Auditing

  • SOC 1 & SOC 2 Type II

    We have achieved and maintain full SOC 1 and SOC 2 Type II compliance. These reports provide independent validation that our internal controls and operational processes meet the highest standards for security and availability.

  • Access Governance

    We strictly enforce the principle of least privilege. Access to production systems is limited to a small number of authorized engineers and requires multi-factor authentication (MFA) and hardware security keys.