Security & Privacy

Security at Our Core

Security isn't just a checklist for us - it's fundamental to how we operate. We treat your data like our own crown jewels. This document explains our internal security approach, not as a marketing piece, but as an honest assessment of how we protect our clients' trust.

The Foundation

The most secure systems are often the simplest. We use Google Workspace for identity management because it's proven, well-maintained, and doesn't require us to reinvent authentication.

We've built our infrastructure and processes on what works, not what's trendy. Our primary monitoring stack runs on Google Cloud Platform and AWS, not because they're popular, but because they're battle-tested and continually hardened by thousands of the world's best security engineers.

How We Think About Access

The principle that guides our access control is straightforward: every person should have exactly the access they need to do their job, nothing more.

Multi-factor authentication to critical platforms is mandatory for everyone. We use hardware security keys when possible, because they're the most resistant to phishing. Authenticator apps are our backup.

Contractors are vetted and given the minimum level of access that lets them do their job efficiently.

Protecting Data

Data security has a few elements: knowing where your data is, controlling who can access it, and ensuring it's encrypted both in transit and at rest. Data is encrypted at rest using platform encryption, and all communication uses TLS to protect information in transit.

Our backup strategy is simple but thorough: we maintain encrypted offsite backups of critical information and we test our restoration process. A backup you can't restore isn't a backup.

Payments are made via industry behemoth Stripe, where credit card and bank information is encrypted, stored, and processed entirely by Stripe using AES-256 encryption.

Real Security vs. Security Theater

Many companies have impressive-sounding security policies that don't translate into actual security. We focus on what matters: strong authentication, appropriate access control, comprehensive logging, and constant monitoring and alerting. You can see our continuously monitored compliance with CIS at https://trust.adversis.io

Endpoint Security

We secure endpoints through centralized management. Devices are encrypted, monitored, and can be wiped remotely if lost.

Incident Response

Security incidents are inevitable. What matters is how quickly you detect them and how effectively you respond. We have a straightforward incident response plan and robust playbook:

- Detect quickly through automated monitoring

- Contain immediately to prevent spread

- Investigate thoroughly to understand the scope

- Fix the root cause, not just the symptoms

- Learn from each incident to prevent recurrence

Common Questions

How do you handle client data?

We treat client data like our own crown jewels. Everything is encrypted, access is logged, and we delete it when it's no longer needed. We don't keep data around "just in case."

What happens when something goes wrong?

When something goes wrong, we focus on two things: fixing the immediate problem and preventing it from happening again. We communicate clearly with affected clients throughout the process.

How do you stay current with security threats?

Through a combination of human expertise, automated tools, and threat intelligence feeds. But more importantly, we focus on getting the basics right.

How do you handle security updates?

Infrastructure is patched automatically. Everything else follows a regular schedule with high-priority issues patched within 72 hours and standard updates within two weeks.

Do you hold any security certifications such as SOC 2 or ISO 27001?

We go above and beyond the standards outlined in these compliance frameworks but do not maintain third-party certificates. Please email us if you'd like to discuss working with us to obtain these certifications.

Reporting Security Issues

If you find a security issue, email security@adversis.io. We take all reports seriously and respond quickly. We do not maintain a bug bounty program at this time.

The Reality

We practice what we preach and offer a careful, practical approach to security that focuses on real threats and proven defenses.

Last Updated: January 2025

Questions? Contact us at security@adversis.io
