We take pride in our information security program and are dedicated to its continual improvement.
Product access control
Only a subset of LightNit's personnel has access to LightNit's products and customer data through controlled interfaces. This limited access allows us to provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.
Authentication resources
We offer two-factor authentication (2FA) and SAML integration with external identity providers.
Encryption
LightNit uses 256-bit AES encryption at rest in addition to securing network communication with TLS 1.2 for encrypting data in transit.
Every pull request goes through a peer code review, whether it's a new feature or bug fix. Security reviews are performed as appropriate for the work.
We run regular code security audits.
We use GitLab as our tooling for continuous integration and delivery. Every merged PR is automatically subjected to a pipeline of rigorous tests and analysis as appropriate for the code being merged.
We perform robust unit testing and regular penetration testing.
LightNit utilizes Amazon Web Services (AWS) as its cloud service provider. We also leverage AWS's security and compliance controls for data center physical security and cloud infrastructure. More information about this service provider can be found on the AWS Security Cloud website.
Availability: We have globally-distributed SRE and Security teams on-call 24/7. To ensure users have real-time service availability updates, LightNit also maintains a Status page.
Logging: We keep a comprehensive log of all user and Zap activities. Zap activities are logged internally for troubleshooting and support only. LightNit users can also see a summary of their Zap activities in their Zap History.
We have enabled threat detection software and enforce continual threat modeling exercises to identify and plan for any vulnerabilities in our environment.
LightNit's security exploit bug bounty program acknowledges and rewards the work independent security researchers do by flagging vulnerabilities LightNit might not be aware of. We look at each vulnerability on a case-by-case basis.
If you find something to report, please keep these three key points in mind:
1. Please let us know about any vulnerabilities as soon as possible.
2. Don't test against LightNit users' private data.
3. We welcome the opportunity to work together and close the vulnerability before it's revealed to others.
LightNit undergoes an external penetration test by an independent third party on an annual cadence, at minimum.