The global Manaos architecture, hosting, webservices and encryption process have been validated by the BNP Paribas Global IT Teams. This validation also covers compliance, data security and data privacy. Furthermore, BNP audits the platform several times a year, to ensure that our platform stays at “Bank Level Security”.
The Manaos security layers are detailed below.
Manaos uses a secured infrastructure and isolated networks to process the data. Each component can only process the data using the IAM role of each client organisation, ensuring full Chinese walls between executions and data.
Identity & Access Management:
Manaos uses AWS Cognito to handle user management and enforces strong password policies and Multi-Factor Authentication, to ensure that the logged-in user is the correct person inside the Organisation.
No single Manaos user has access to the production platform or data.
Code Security Level:
Manaos uses static code analysis and SonarQube to highlight code security errors, as well as quality gates, regression tests and a proper git flow before deployment.
Pen Tests:
Manaos is tested by external service providers, during “Pen Tests”, to ensure that the platform is secure, and to potentially highlight security weaknesses to be addressed and corrected.
Logs & Observability:
Manaos monitors and logs every activity performed on its platform: user and administrator activity, API calls, incidents, etc. Everything that happens in our AWS VPC is logged.
Furthermore, Manaos has built its own application-level Log Data System: a Compliance Audit Trail, which records user logins and logouts with timestamps, for easy auditing without the need to dig into AWS technical logs.