Security Overview | Asanto | No-Code Platform

Security overview

20+ years’ experience developing bespoke applications.

Built for the cloud

Security is at the heart of the Asanto platform infrastructure design and build.

Certified

We ensure our processes and setup meet the stringent requirements for certification.

Infrastructure as a service

Rapidly deploy reliable, scalable applications with high availability.

Application security

We have 20+ years’ experience developing applications within the insurance sector.

Certified

ISO 27001

Independently certified best-practice approach to information security.

We are accredited with Payment Card Industry Data Security Standard certification (PCI DSS Level 1) for the payment gateway service (IdolPay). As a PCI DSS certified supplier, you can have the confidence that our processes and infrastructure meet and exceed the stringent requirements for certification.

The design of Asanto and associated cloud infrastructure ensures that the failure of a single component will not adversely affect the performance of the whole, with redundancy and automated failovers ensuring system availability.

Asanto platform infrastructure design and build
Manage every aspect of your products

Infrastructure

Asanto is built for the cloud, and by utilising the Infrastructure as a Service (IaaS) model in conjunction with Infrastructure as Code (IaC), we’re able to rapidly deploy reliable, scalable applications with high availability. Security is at the heart of the Asanto platform infrastructure design and build. There are controls throughout the provisioning process which ensure the platform adheres to the principle of least privilege. Our secure cloud infrastructure provides:

  • Audit trail for compliance and investigation.
  • Automated monitoring and management of system performance.
  • Threat detection.
  • Load balancing.
  • Web Application Firewall (WAF) to provide greater security.
  • Secure database functionality utilising encryption at rest, in transit and multi-AZ for high availability.

All managed by the Asanto development operations team on your behalf.

Secure data
Asanto dashboard

Application security

We have over 20+ years’ experience developing applications within the insurance sector. Our Secure Software Development Lifecycle enshrines this knowledge and applies best practices for Agile software development.

Each stage of the development process has gated authorisation stages with separate development, test and production environments. Application code is tested and reviewed at several stages using a combination of automated and manual checks - this includes peer code reviews, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) and finally an independent application security test (penetration test) which is carried out by a CREST certified organisation.