PureID’s Security & Resiliency Approach

PureID's commitment to security is reflected in its Breach Resilient approach to authentication. Our innovative design just not focus on securing your sensitive data but also work without data. PureID provides high assurance authentication without sharing, storing or indexing user's Personally Identifiable Information(PII) or any sensitive data.

Infrastructure

We own the responsibility of our PureAUTH Cloud infrastructure without owning your data. PureAUTH Cloud infrastructure is designed to assure high availability across multiple geogrophies.

Resilience

We work with you to design fallbacks and recovery mechanism, resiliency at various levels as expected or specified by you to ensure un-interrupted authentication and access to your enterprise resources.

Shared Responsibility

We share the ability configurations, custom integrations and extensions with desired functionality, level of security and availability for which you share the responsibility.

Our Security Measures

PureID designed the PureAUTH to perform & stay resilient even in case of breach, failures and outages. Never the less, we have taken various measures for securing PureAUTH cloud infrastructure.

Infrastructure and Physical Security

World wide outages & failures are reality and frequent, even with the best of the cloud vendors. PureAUTH authentiacation clusters are not just hosted with market leading cloud service providers but multiple of them to offer you unmatched redundancy.

Each of the PureAUTH cluster hosting vendor assure best level of physical as well as Infrastructure security.

Our white paper on our “Radical Approach to High Availability service” is available on request

Culture of Security

At PureID, we design our products to withstand social engineering & insider attacks. Each of our team member is committed to uphold this value while designing & delivering the PureAUTH passwordless solution. We go beyond Zero-Trust and existing privacy & security frameworks being traditionally followed while delivering our solutions and serving our customers.

Here you can find the security research write ups by our team on our Research Blog

Secure Development Lifecycle

We are continiously refining our developement process and building new security practices around it complying with OWASP and MITER recommendations of secure coding.

Our features and extensions go through coding reviews, functional and security testing, fuzzing & are deployed in phases.

We also ensure easy change management in case we need to rollback or promote complex changes in production.

Securing Sensitive Data

PureAUTH automatically meets the stringent standards of GDPR, ISO 27001 & HIPAA.

PureAUTH’s foundation is build on smart use of cryptography to ensure secure authentication along with secure communication, sensitive data generation & storage.

Cryptographic resources like encryption keys are managed through our breach resilient design and existing industry standard tool. Learn more about our Resilient Design

Continuous Improvement

PureID is committed to continiouls improve the security of its products, infrastructure and services it offers.

We take help of third party security consultants, security communities and independent researchers though various engagements like periodic design review, bug discovery program, penetration testing and fuzzing as part of our process.

Want to share a security issues with us? Write to [email protected]