Understanding security concerns and demanding regulations, we at Pecan are committed to keeping your information secure, private and encrypted at all times. We employ a set of active and passive security measures ranging from rigid internal compartmentalization to advanced endpoint and network protection mechanisms. Pecan has deployed throughout its infrastructure enterprise-class security tools and abides by strict regulations for securing data at rest and at transit, in both development and production environments. Finally, to ensure you are always in command of your data and environment, Pecan provides granular access-control management and detailed monitoring logs.
Pecan employs a zero tolerance policy towards data security from both cryptographic and physical access aspects. Our holistic security approach means your organization remains compliant with demanding regulations, and your data is safe from both malicious and accidental breaches.
Apart from tightly centrally managed computing systems, antiviruses, firewalls and intrusion prevention systems, Pecan is also committed to engineering excellence with a specific focus on security. To that end, we follow OWASP Secure Software Development Life Cycle Project (S-SDLC) best practices, and perform routing penetration tests prior to every release. To confirm the effectiveness of our security strategy, Pecan also employs 3rd party agencies for periodic penetration tests on top of internal tests, rules, tools and regulations.
Pecan’s product is rolled out on platforms belonging to reputable leading service providers and vendors that uphold the highest security standards, specifically: Amazon Web Service (AWS) and Cloudflare. In addition, Pecan can be self-hosted in a Virtual Private Cloud to ensure data never leaves your managed environments. In most cases, Pecan’s hosted product is used for the creation of the Predictive Data Model alone, after which any residual data is destroyed.
Pecan’s operation is separated into two phases: the Training Phase - when the Predictive Data Model is produced, and the Prediction Phase - when the Predictive Data Model is deployed as a self-contained web service. During the Training phase, Pecan can be deployed in two modes:
Once the Training Phase is over and the data model, DNNs and other functional items have been constructed, Pecan allows you to attain predictions in two ways:
Pecan has three built-in user roles: Super Admin, Administrator and Viewer.
In order to authenticate users, Pecan uses a signed and encrypted access token obtained after entering an 8 characters long password (or more), consisting of at least one number and one symbol. If required for regulatory compliance, Pecan also has an optional 2FA mechanism utilizing a code sent to a user’s mobile phone. Pecan’s password policies can also enforce periodic password changes. User access is revoked after 10 failed sign-in attempts, which can be restored only by another Administrator or Super Admin.
For its Production environment, Pecan utilizes Amazon S3 Server Side Encryption (S3-SSE) for all files stored on AWS, and encrypts all of its databases with Transparent Data Encryption (TDE). For obtaining data, customers can simply provide Pecan with exported data in CSV or JSON format into an S3 bucket, or alternatively use Pecan’s Data-Gateway for direct access to schemas through a secure SSH tunnel. Using this method, users can select which data fields to import, allowing them to exclude any sensitive information.
Internally, all of Pecan’s development storage and compute servers are encrypted, and communication in and out of Pecan’s network is handled through a secure 2FA-enabled VPN. Pecan’s network is protected by an active firewall with additional endpoint protection solutions employed. Pecan does not have, nor allows the use of private computers and laptops for any employee directly handling R&D and customer support.
When using Pecan’s SaaS hosting model, none of the data (raw or otherwise) provided by the client is copied, transmitted or used for any purpose other than completing data model creation tasks (Prediction Tasks). Once a Prediction Task is deleted (e.g. after a model was created and exported), all the data used in the task is destroyed. Furthermore, during data retrieval, the customer can choose the specific fields and entities which will be imported into Pecan for the Training phase. Any data not specifically selected to be part of a given task is not imported by Pecan and will not leave your datacenter.
Being a 100% cloud solution, Pecan does not store any information on client PCs used to access and use our systems other than simple logs and cookies, none of whom contain any data received into or outputted from Prediction Tasks. Any information presented during a session is stored within the browser’s volatile protected memory and is destroyed at the end of a session by the browser.
While the data is present in our environment, the only people other than registered users who have access to it are key IT, DBA and DevOps personnel within Pecan, and the Customer Success manager - all of which are granted access on a need to know only basis.
For war-rooms and forensics, Pecan has a 24/7 monitoring system covering its entire production environment, logging any sign-in attempt and its originating IP, as well as detailed logs of any data connection opened by Pecan’s Data-Gateway, its duration and the task it was used for, and any data transaction and operation executed by system.