Data security is crucial for companies in today’s digital age as it protects sensitive information from unauthorized access, theft, or damage. A breach of data security can result in a loss of trust from customers, regulatory penalties, and significant financial costs for a company. Ensuring data security is a critical aspect of modern business operations.
With a deep understanding of security concerns and regulations, we at Pecan are committed to keeping your information secure, private, and encrypted at all times. We employ a set of active and passive security measures, ranging from rigid internal compartmentalization to advanced endpoint and network-protection mechanisms.
Pecan has deployed enterprise-class security tools throughout its infrastructure and abides by strict regulations for securing data at rest and in transit, in both development and production environments.
Finally, to ensure you are always in command of your data and environment, Pecan provides granular access-control management and detailed monitoring logs.
What is Pecan, and how does it work?
Pecan is a self-service predictive analytics platform for data and business analysts. Without data science or programming expertise, they can easily connect Pecan to several data sources and create predictive models.
Pecan provides analysts with a set of templates that they can use to build models that solve a specific use case. Each template consists of business- and data-related questions to be answered by the analyst. Analysts can also customize templates using SQL in order to address the business’s specific goals and needs.
Once that’s done, Pecan can manipulate the data so it’s ready for AI processing. Manual data preparation is not required with this automated process. This initial preparation is followed by feature engineering, hyperparameter optimization, and model selection in order to find the best possible predictive model.
Once the model is trained, users can easily schedule recurring predictions that are automatically sent to a database or data warehouse. They can also monitor ongoing model performance via a dashboard. The dashboard additionally displays information on feature importance and row-level predictions to provide insight into the model’s decisions.
Pecan is certified under ISO 27001, a globally recognized standard for Information Security Management Systems. The standard’s main goal is to identify and mitigate risks to the confidentiality, integrity, and availability of the data and information held within a company.
SOC2 Type II
Pecan undergoes an annual independent assessment of our cloud controls environment. This independent auditing is rigorous and takes place over an extended period of up to 12 months. The process scrutinizes Pecan’s internal controls and systems related to security, availability, processing integrity, confidentiality, and privacy of data.
Internal policy and best practices
Pecan employs a zero-tolerance policy towards data security, utilizing cryptography and physical access limitations. Our holistic security approach helps you stay compliant with demanding regulations, and ensures your data is safe from both malicious and accidental breaches.
In addition to centrally managed computing systems, antivirus software, firewalls and intrusion prevention systems, Pecan is also committed to engineering excellence with a specific focus on security. To that end, we follow OWASP Secure Software Development Life Cycle Project (S-SDLC) best practices, and perform periodic penetration tests.
Pecan’s product is rolled out on platforms of leading service providers and vendors that uphold the highest security standards. Amazon Web Services (AWS) is Pecan’s primary cloud vendor, and Databricks is used for data-processing infrastructure.
To authenticate users, Pecan uses a signed and encrypted access token that is obtained after entering an 8-character (or more) password that consists of at least one number and one symbol. User access is revoked after 10 failed sign-in attempts, and can be restored only by a Superuser.
Cryptography and encryption
Pecan’s production environment runs on AWS, and all database files are encrypted using Amazon S3 Server Side Encryption (S3-SSE). To import data to Pecan’s platform, users can simply provide details of an S3 bucket that contains CSV or Parquet files, or alternatively, allow Pecan’s secured production server to directly access their database.
Pecan’s network is handled through a secure 2FA-enabled VPN, and is protected by an active firewall with additional endpoint protection solutions employed. Pecan does not allow the use of private computers by any employee performing R&D or customer-support activities.
Data storage and access
When using Pecan’s SaaS hosting model, none of the data provided by the client – raw or otherwise – is copied, transmitted or used for any purpose other than generating predictions based on a trained model. Once a prediction job or schedule is deleted, all data that was used by it is destroyed. Furthermore, when data is imported to Pecan, customers can choose the specific fields and entities to be imported for model training. Any data that is not specifically selected will not be imported by Pecan, and will not leave your data center.
As a 100% cloud-based solution, Pecan does not store any information on client PCs that are used to access and use our systems, with the exception of simple logs and cookies – none of which contain any data that is used to generate, or is generated by, prediction jobs. Any information presented during a user session is stored within the browser’s volatile protected memory, and is destroyed at the end of a session by the browser.
While data is present in the Pecan environment, the only people who can access it (aside from registered users) are key IT, DBA, and DevOps personnel within Pecan, as well as customer success managers – all of whom are granted access only on a need-to-know basis.
Logging and monitoring
Pecan has a 24/7 monitoring system that covers its entire production environment, logging any sign-in attempt and its originating IP; any data connection opened, its duration, and the task it was used for; and any operation executed by the system.
Incident response management
Pecan understands that data is an organization’s most strategic and vital asset. As such, the security and privacy of our partners’ data are our highest priorities.
Any suspicious or malicious activity is monitored and alerted via an external MSSP with 24/7 SOC service, with controls implemented in IBM QRadar SIEM.