Security at Mantra

  • Authentication

All employees Mail and Cloud accounts require strong password and 2FA with U2F physical security keys.

SSO is used whenever possible for any other service we use and 2FA is mandatory.

All employees are provided with a password manager account to help them generate secure and unique passwords as well as sharing secrets internally. SSO is used to connect to their password manager.

All employees' laptop’s disk are encrypted.

  • Development Security

Developers access source code via an access protected by 2FA with U2F physical security key.

The main development branch is protected.

Changes to the code base requires approval and validation of security tests. 

Dependencies and source code are scanned at least once a week.

  • Platform Security

We use managed services from Cloud providers. They provide the infrastructure security (patching, backups, firewall, etc) and availability.

Secrets are stored in a key management system (KMS) and accessed only by services requiring these secrets.

Data is encrypted in transit with all services using HTTPS.

Authentication between users and services is done via OAuth2. 

Databases are encrypted at rest (AES 256). 

  • User Awareness

Users are  trained and tested against different social engineering attacks using Mantra's awareness and simulation platform.