Skip to content

Infrastructure Security

Cloud Infrastructure

Sociable AI leverages industry-leading cloud providers with robust security certifications to host our infrastructure:

Google Cloud Platform (GCP)

Network Security: VPC isolation, firewall rules, and private networking
Identity Management: IAM with least privilege access controls
Monitoring: Cloud Monitoring and Cloud Logging for security events
Data Storage: Encrypted BigQuery instances for analytics data

Amazon Web Services (AWS)

Network Segmentation: VPC isolation for service boundaries
Access Control: IAM roles with minimum required permissions
Secret Management: AWS Secrets Manager for credential storage

Vercel

Edge Network: Global CDN with DDoS protection
TLS Enforcement: Mandatory HTTPS for all traffic
Deploy Previews: Isolated preview environments for testing

Deployment Security

CI/CD Pipeline

Code Scanning: Automated security scanning during build process
Dependency Validation: Vulnerability checking of third-party dependencies
Infrastructure as Code: Consistent, auditable infrastructure definitions
Secrets Management: Secrets never exposed in source code or logs

Environment Isolation

Development/Production Separation: Complete separation of environments
Staging Environment: Pre-production testing in isolated infrastructure
Access Controls: Different access permissions per environment

Microservices Architecture Security

Our service-oriented architecture implements multiple security layers:

Service Boundaries: Clear isolation between different service domains
API Gateway: Centralized authentication and authorization
Internal Communication: Service-to-service authentication
Rate Limiting: Protection against abuse and DoS attacks

Data Processing Infrastructure

Pub/Sub Messaging

Authentication: Service account authentication for publishers/subscribers
Encryption: Automatic encryption of messages in transit and at rest
Access Controls: Topic-level access control policies

Compute Resources

Container Isolation: Services run in isolated container environments
Auto-Scaling: Resource optimization and resilience to load spikes
Vulnerability Management: Regular OS and runtime patching

Network Security

TLS Everywhere: All internal and external communication uses TLS 1.2+
API Security: Authentication required for all API endpoints
IP Restrictions: Access controls based on IP address where appropriate
Web Application Firewall: Protection against common web vulnerabilities

Monitoring and Incident Detection

Log Aggregation: Centralized logging for security analysis
Alerting: Comprehensive alerting system leveraging Google Cloud Security Command Center, AWS CloudWatch, Vercel Analytics, Sentry, Clerk Security Alerts, Supabase Security Monitoring, Stripe Radar, and GitHub Security Alerts
Metrics: Performance and security metrics collection
Intrusion Detection: Monitoring for unusual access patterns

Disaster Recovery

Backup Strategy: Regular automated backups of critical data
Recovery Testing: Periodic testing of restore procedures
High Availability: Redundant systems for critical components
Business Continuity: Documented procedures for major incidents

Physical Security

Our cloud providers maintain physical security controls including:

Data Center Security: 24/7 security staff, biometric access controls
Environmental Controls: Fire suppression, climate control, redundant power
Compliance: SOC 2, ISO 27001, and other physical security certifications