Knode.ai Security Policy
Last updated:
November 2, 2023
Knode.ai (Knode) employs strict security standards and measures throughout the entire organization. Every team member is trained and kept up to date on the latest security protocols. We regularly undergo testing, training, and auditing of our practices and policies. This document is subject to change at Knode.ai’s discretion and as new capabilities are added to Knode’s products. Please review this document in its entirety.
1. Purpose, Scope, and Organization
What is this document, why does it exist, what does it cover, and who is in charge of it?
This policy defines behavioral, process, technical, and governance controls pertaining to security at Knode.ai that all personnel are required to implement in order to ensure the confidentiality, integrity, and availability of the Knode.ai service and data (“Policy”). All personnel must review and be familiar with the rules and actions set forth below.
This Policy defines security requirements for:
management of systems, both hardware and software and regardless of locale, used to create, maintain, store, access, process, or transmit information on behalf of Knode.ai, including all systems owned by Knode.ai, connected to any network controlled by Knode.ai or used in service of Knode.ai’s business, including systems owned third-party service providers, and
circumstances in which Knode.ai has a legal, contractual, or fiduciary duty to protect data or resources in its custody.
In the event of a conflict, the more restrictive measures apply.
1.1. Governance and Evolution
This Policy was created in close collaboration with and approved by Knode.ai executives. At least annually, it is reviewed and modified as needed to ensure clarity, the sufficiency of scope, concern for customer and personnel interests, and general responsiveness to the evolving security landscape and industry best practices.
1.2. Security Team
The Knode.ai security team oversees the implementation of this Policy, including
procurement, provisioning, maintenance, retirement, and reclamation of corporate computing resources,
all aspects of service development and operation related to security, privacy, access, reliability, and survivability,
ongoing risk assessment, vulnerability management, incident response, and
security-related human resources controls and personnel training.
1.3. Risk Management Framework
The security team maintains a Risk Management Framework derived from NIST SP 800-39 - “Managing Information Security Risk: Organization, Mission, and System View” and NIST SP 800-30 - “Guide for Conducting Risk Assessments.” Risk assessment exercises inform prioritization for ongoing improvements to Knode.ai’s security posture, which may include changes to this Policy itself.
Our Risk Management Framework incorporates the following:
Identification of relevant, potential threats.
A scheme for assessing the strength of implemented controls.
A scheme for assessing current risks and evaluating their severity.
A scheme for responding to risks.
2. Personnel and Office Environment
What are Knode.ai’s expectations of its personnel and the workplace regarding systems and data?
Knode.ai is committed to protecting its customers, personnel, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly, in the context of its established employment culture of openness, trust, maturity, and integrity.
This section outlines expected personnel behaviors affecting security and the acceptable use of computer systems at Knode.ai. These rules are in place to protect our personnel and Knode.ai itself, in that inappropriate use may expose customers and partners to risks, including malware, viruses, compromise of networked systems and services, and legal issues.
2.1. Work Behaviors
The first line of defense in data security is the informed behavior of personnel, who play a significant role in ensuring the security of all data, regardless of format. Such behaviors include those listed in this section as well as any additional requirements specified in the employee handbook, specific security processes, and other applicable codes of conduct.
Training
All employees and contractors must complete the Knode.ai security awareness and data handling training programs at least annually.
Unrecognized Persons and Visitors
It is the responsibility of all personnel to take positive action to maintain physical security. Challenge any unrecognized person present in a restricted office location. Any challenged person who does not respond appropriately should be immediately reported to the supervisory staff and the security team. All visitors to Knode.ai offices must be registered as such or accompanied by a Knode.ai employee.
Clean Desk
Personnel should maintain workspaces clear of sensitive or confidential material and take care to clear workspaces of such material at the end of each workday.
Unattended Devices
Unattended devices must be locked. All devices will have an automatic screen lock function set to activate automatically upon no more than fifteen minutes of inactivity.
Use of Corporate Assets
Systems are to be used for business purposes in serving the interests of the company and of our clients and partners in the course of normal business operations. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use of systems. Only Knode-managed hardware and software is permitted to be connected to or installed on corporate equipment or networks and used to access Knode.ai data. Knode-managed hardware and software includes those either owned by Knode.ai or owned by Knode.ai personnel but enrolled in a Knode.ai device management system. Only software that has been approved for corporate use by Knode.ai may be installed on corporate equipment. All personnel must read and understand the list of prohibited activities outlined in this Policy. Modifications or configuration changes are not permitted without explicit written consent by the Knode.ai security team.
Removable Storage, No Backups, Use of Cloud Storage
The use of removable media such as USB drives is prohibited. Personnel may not configure work devices to make backups or copies of data outside corporate policies. Instead, personnel are expected to operate primarily “in the cloud” and treat local storage on computing devices as ephemeral. Knode.ai data must be saved to company-approved secure cloud storage (e.g., Google Docs) to ensure that even in the event of a corporate device being lost, stolen, or damaged, such artifacts will be immediately recoverable on a replacement device.
Prohibited Activities
The following activities are prohibited. Under certain conditions and with the explicit written consent of the security team, personnel may be exempted from certain of these restrictions during the course of their legitimate job responsibilities (e.g., planned penetration testing, systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).
The list below is by no means exhaustive but attempts to provide a framework for activities that fall into the category of unacceptable use.
Under no circumstances are personnel of Knode.ai authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Knode-owned resources.
Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar lGCP or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Knode.ai.
Violating or attempting to violate the terms of use or license agreement of any software product used by Knode.ai is strictly prohibited.
Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Knode.ai or the end user does not have an active license is strictly prohibited.
Exporting software, technical information, encryption software, or technology may result in a violation of international or regional export control lGCP. The appropriate management should be consulted prior to the export of any material that is in question.
Revealing your account password to others or allowing use of your account by others. This includes colleagues, as well as family and other household members, when work is being done at home.
Making fraudulent offers of products, items, or services originating from any Knode.ai account.
Making statements about warranty, expressly or implied, unless it is a part of normal job duties and then only to the extent the warranties are consistent with Knode.ai’s authorized warranties.
Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
Affecting security breaches or disruptions of network communication. Security breaches include but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious or unlawful purposes.
Except by or under the direct supervision of the security team, port scanning or security scanning, or other such software designed to exploit or find computer, software, or network vulnerabilities.
Executing any form of network monitoring that will intercept data not intended for the employee’s host unless this activity is a part of the employee’s normal job/duty.
Circumventing user authentication or security of any host, network, or account or attempting to break into an information resource or bypassing a security feature. This includes running password-cracking programs or sniffer programs and attempting to circumvent file or other resource permissions.
Attempting to interfere with or deny service to any other user.
Installation of software which installs or includes any form of malware, spyware, or adware as defined by the security team.
Crashing an information system. Deliberately crashing an information system is strictly prohibited. Users may not realize that they caused a system crash, but if it is shown that the crash occurred as a result of a user action, a repetition of the action by that user may be viewed as a deliberate act.
Attempts to subvert technologies used to affect system configuration of company-managed devices (e.g., MDM) or personal devices voluntarily used for company purposes (e.g., mobile Work Profiles).
2.2. Personnel Systems Configuration, Ownership, and Privacy
Centralized System Configuration
Personnel devices and their software configuration are managed remotely by members of the security team via configuration-enforcement technology, also known as MDM software. Such technology may be used for purposes including auditing/installing/removing software applications or system services, managing network configuration, enforcing password policy, encrypting disks, remote wipe & recovery, copying data files to/from employee devices, and any other allowed interaction to ensure that employee devices comply with this Policy.
Data and Device Encryption
All devices must use modern full disk encryption to protect data in the event of a lost device. An example of valid full disk encryption is Apple FileVault 2 using XTS-AES-128 encryption with a 256-bit key. This is enforced using MDM software.
Device Heartbeat and Remote Wipe
Devices must support the ability to report their status and be remotely wiped. This is enforced using MDM software.
Prevent Removable Storage
Devices must prevent the usage of removable storage. This is enforced using MDM software.
Endpoint/Antivirus/Antimalware Protection
Devices must automatically install and configure the Knode-provided antivirus software for endpoint protection. Configured software will report status and potential threats, allowing for remote administration and reporting by the security team. This is enforced using MDM software.
Retention of Ownership
All software programs, data, and documentation generated or provided by personnel while providing services to Knode.ai or for the benefit of Knode.ai are the property of Knode.ai unless otherwise covered by a contractual agreement.
Personnel Privacy
While Knode.ai’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of Knode.ai. Due to the need to protect Knode.ai’s network, management does not intend to guarantee the privacy of personnel’s personal information stored on any network device belonging to Knode.ai. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use such as general web browsing or personal email. If there is any uncertainty, personnel should consult the security team or their manager.
Personnel should structure all electronic communication with recognition of the fact that the content could be monitored and that any electronic communication could be forwarded, intercepted, printed, or stored by others.
Knode.ai reserves the right, at its discretion, to review personnel’s files or electronic communications to the extent necessary to ensure all electronic media and services are used in compliance with all applicable lGCP and regulations as well as corporate policies.
Knode.ai reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. For security and network maintenance purposes, authorized individuals within Knode.ai may monitor equipment, systems, and network traffic at any time.
2.3. Human Resources Practices
Background Checks
Background checks are conducted for personnel with access to production infrastructure prior to their start date. The consequences of problematic background check results may range from a limitation of security privileges to revocation of employment offer to termination.
Training
The security team maintains a company-wide security awareness program delivered to all personnel at least annually. The program covers security awareness, policies, processes, and training to ensure that personnel are sufficiently informed to meet their obligations. Those most responsible for maintaining security at Knode.ai, including the security team itself as well as key engineering/operations staff, undergo more technical continuing education.
Separation
In the case of personnel termination or resignation, the security team coordinates with human resources to implement a standardized separation process to ensure that all accounts, credentials, and access of outgoing employees are reliably disabled.
3. Personnel Identity and Access Management
How does Knode.ai define, control, and maintain user identity and permissions for personnel?
3.1. User Accounts and Authentication
Each individual having access to any Knode-controlled system does so via a G Suite user account denoting their system identity. Such user accounts are required to have a unique username, a unique, strong password, password expiration, and a two-factor authentication (2FA) mechanism. The password Strength and Length are enforced based on the NIST Special Publication 800-63B Digital Identity Guidelines.
Logging into Knode.ai Systems
Logins by personnel may originate only from Knode-managed devices. Authentication is performed by Google’s account management system, details of which can be found at https://gsuite.google.com/security. Knode.ai leverages G Suite’s facilities of detecting malicious authentication attempts. Repeated failed attempts to authenticate may result in the offending user account being locked or revoked.
Logging into Third-Party Systems
Whenever available, third-party systems must be configured to delegate authentication to Knode.ai’s G Suite account authentication system (described above), thereby consolidating authentication controls into a single-user account system that is centrally managed by the security team.
When authentication to G Suite is not available, unique, strong passwords must be created and stored in the Knode-approved password management system. Passwords must be paired with two-factor/MFA authentication.
Revocation and Auditing of User Accounts
User accounts are revoked (that is, disabled but not deleted) immediately upon personnel separation. As a further precaution, all user accounts are audited at least quarterly, and any inactive user accounts are revoked.
3.2. Access Management
Knode.ai adheres to the principle of least privilege, and every action attempted by a user account is subject to access control checks.
Role-based Access Control
Knode.ai employs a role-based access control (RBAC) model utilizing Google-supplied facilities such as organizational units, user accounts, user groups, and sharing controls.
Web Browsers and Extensions
Knode.ai may require the use of a specified web browser(s) for normal business use and for access to corporate data such as email. For certain specified roles, such as software development and web design, job activities beyond those mentioned above necessitate the use of a variety of browsers, and these roles may do so as needed for those activities.
Any browser that is allowed to access corporate data, such as email, is subject to an allowlist-based restriction on which browser extensions can be installed.
Administrative Access
Access to administrative operations is strictly limited to security team members and further restricted still as a function of tenure and the principle of least privilege.
Regular Review
Access control policies are reviewed regularly with the goal of reducing or refining access whenever possible. Changes in job function by personnel trigger an access review as well.
3.3. Termination
Upon termination of personnel, whether voluntary or involuntary, the security team will follow Knode.ai’s personnel exit procedure, which includes revocation of the associated user account and reclamation of company-owned devices, office keys or access cards, and all other corporate equipment and property prior to the final day of employment.
4. Provenance of Technology
How does Knode.ai build, adopt, configure, and maintain technology to fulfill its security intentions?
4.1. Software Development
Knode.ai stores source code and configuration files in private GitHub repositories. The security and development teams conduct code reviews and execute a static code analysis tool on every code commit. Reviewers shall check for compliance with Knode.ai’s conventions and style, potential bugs, and potential performance issues, and that the commit is bound to only its intended purpose.
Security reviews shall be conducted on every code commit to security-sensitive modules. Such modules include those that pertain directly to authentication, authorization, access control, auditing, and encryption.
All major pieces of incorporated open-source software libraries and tools shall be reviewed for robustness, stability, performance, security, and maintainability.
The security and development teams shall establish and adhere to a formal software release process.
Sensitive data which does not need to be decrypted (e.g., passwords) is salted and hashed using approved functions such as Bcrypt.
Sensitive data which must be decrypted (e.g., tokens) must use an approved encryption provider for HSM functions, such as KMS.
4.2. Configuration and Change Management
The Knode.ai security and development teams shall document the configuration of all adopted systems and services, whether hosted by Knode.ai or are third-party hosted. Industry best practices and vendor-specific guidance shall be identified and incorporated into system configurations. All configurations shall be reviewed on at least an annual basis. Any changes to configurations must be approved by appointed individuals and documented in a timely fashion.
System configurations must address the following controls in a risk-based fashion and in accordance with the remainder of this policy:
data-at-rest protection encryption
data-in-transit protection of confidentiality, authenticity, and integrity for incoming and outgoing data
data and file integrity
malware detection and resolution
capturing event logs
authentication of administrative users
access control enforcement
removal or disabling of unnecessary software and configurations
allocation of sufficient hardware resources to support loads that are expected at least twelve months into the future.
production data is not used in the development or test systems.
4.3. Third-Party Services
For every third-party service or sub-processor that Knode.ai adopts, the compliance team shall review the service and vendor on an annual basis to gain assurance that their security posture is consistent with Knode.ai’s for the type and sensitivity of data the service will store or access.
Knode.ai relies on the Google Cloud Platform to satisfy specific security controls related to the GCP data centers and GCP services. For more information on Physical and Environmental Security, as well as the Logical Access and Security controls for GCP services, please see the GCP Security White Paper: Google Cloud Security Whitepapers.
5. Data Classification and Processing
How does Knode.ai manage data classifications and data processing?
5.1. Data Classification
Knode.ai maintains the following Data Confidentiality Levels:
Confidential - Information only available to specific roles within the organization. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
Restricted - Access is restricted to specific roles within the organization and authorized third parties. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
Internal - Information is available to all employees and authorized third parties. Data must be encrypted at rest and in transit.
Public - Information is available to the public.
Data Confidentiality is determined by:
The value of the information is based on impacts identified during the risk assessment process.
Sensitivity and criticality of the information, based on the highest risk calculated for each data item during the risk assessment.
Policy, legal, regulatory, and contractual obligations.
Additionally, data may be separated into data type classifications to enforce processing rules for customer data. For each data class, the Knode.ai security and development teams may provision and dedicate specific information systems in Google Cloud Platform to store and process data of that class, and only data of that class, unless otherwise explicitly stated. For all classes of customer data, data must be encrypted at rest and in transit. Corresponding systems may store and process data items needed to keep each customer’s data properly segmented, such as Knode.ai customer identifiers.
Customer User Account Data - This is data pertaining to login accounts for the app.knode.ai customer web interface used by Knode.ai customer agents. User account credentials shall be hashed in such a manner that the plaintext passwords cannot be recovered.
Customer Contact Data - This is contact data about Knode.ai customers and customer agents.
Customer Preferences Data - This is data pertaining to the customer-specific preferences and configurations of the Knode.ai service made by customer agents.
Customer Recorded Data - This is data that the Knode.ai service collects during session recording. This includes customer queries and Knode responses.
Customer Event Transaction Metadata - This is metadata about transactions conducted on all other classes of customer data. This includes customer organization and user identifiers, standard syslog data pertaining to customer users, and instances of Customer Contact Data and Customer Preferences Data. This class does not include Customer Recorded Data.
Customer Contact Data, Customer Preferences Data, and Customer Event Transaction Metadata may be stored and processed in systems hosted in environments other than Google Cloud Platform, as approved by the security team.
Resources must maintain accurate data classification tagging policies for their entire lifecycle, including during decommissioning or when removed from service temporarily.
5.2. Knode.ai Employee Access to Customer Data
Knode.ai employees may access Customer Data only under the following conditions.
From managed devices.
For the purpose of quality assurance.
For the purpose of incident response or customer support.
For no longer than is needed to fulfill the purpose of access.
In an auditable manner.
Customer Data is not used in development or test systems.
Product usage metadata and customer recorded data may be utilized for analytics, performance monitoring, and service/feature improvement.
5.3. Customer Access
Knode.ai provides web user interfaces (UIs), application programming interfaces (APIs), and data export facilities to provide customers access to their data.
5.4. Exceptional Cases
The security team, in conjunction with executive management, may approve emergency exceptions to any of the above rules in response to security incidents, service outages, or significant changes to the Knode.ai operating environment when it is deemed that such exceptions will benefit and protect the security and mission of Knode.ai, Knode.ai customers, and visitors of Knode.ai customers’ websites.
5.5. Data Encryption
Knode.ai protects all data in transit with TLS 1.2 and all data at rest with AES-256 encryption. All data that is stored is encrypted at the storage layer using the Advanced Encryption Standard (AES) algorithm, AES-256. We use a common cryptographic library, Tink, which includes FIPS 140-2 validated module (named BoringCrypto). Cryptographic keys are assigned to specific roles based on least privilege access, and keys are automatically rotated yearly. The usage of keys is monitored and logged.
Resources must maintain data encryption at rest and in transit for their entire lifecycle, including during decommissioning or when removed from service temporarily.
5.6. Data Retention
Each customer is responsible for the information they create, use, store, process, and destroy.
On the expiration of services, customers may instruct Knode.ai to delete all customer data from Knode.ai’s systems in accordance with applicable law as soon as reasonably practicable unless applicable law or regulations require otherwise.
5.7. Data Sanitization and Secure Disposal
Knode.ai uses Google Cloud Platform for all infrastructure. GCP provides the following guidance regarding its data lifecycle policies:
Media storage devices used to store customer data are classified by GCP as Critical and treated accordingly, as high impact, throughout their life cycles. GCP has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, GCP decommissions media using techniques detailed in NIST 800-88. Media that stores customer data is not removed from GCP control until it has been securely decommissioned.
6. Vulnerability and Incident Management
How does Knode.ai detect and respond to vulnerabilities and security incidents?
6.1. Vulnerability Detection and Response
The Knode.ai security and development teams shall use all of the following measures to detect vulnerabilities that may arise in Knode.ai’s information systems.
Cross-checking vulnerability databases with all systems and software packages that support critical Knode.ai services.
Automated source code scanners on every code commit.
Code reviews on every security-sensitive code commit.
Vulnerability scanning on Knode.ai services.
Maintain a bug bounty program.
Annual penetration testing with an independent provider.
The Knode.ai security team shall evaluate the severity of every detected vulnerability in terms of the likelihood and potential impact of an exploit and shall develop mitigation strategies and schedules accordingly. Suitable mitigations include complete remediation or implementing compensating controls.
6.2. Incident Detection and Response
The Knode.ai security team maintains an internal Incident Response Policy, which contains steps for preparation, identification, containment, investigation, eradication, recovery, and follow-up/postmortem.
The Knode.ai security team shall use all of the following measures to detect security incidents.
Continuous monitoring of GCP network traffic and workloads for malicious or unauthorized activities.
Continuous monitoring of logs to detect potentially malicious or unauthorized activity.
Conduct reviews on the causes of any service outages.
Respond to notices of potential incidents from employees, contractors, or external parties.
The Knode.ai security team shall make a determination of whether every indicator is representative of an actual security incident. The severity, scope, and root cause of every incident shall be evaluated, and every incident shall be resolved in a manner and timeframe commensurate with the severity and scope.
In the event that a data breach affecting a customer has been detected, Knode.ai will maintain communication with the customer about the severity, scope, root cause, and resolution of the breach.
7. Business Continuity and Disaster Recovery
How will Knode.ai prevent and recover from events that could interfere with expected operations?
7.1. Availability and Resiliency
Knode.ai services shall be configured in such a manner as to withstand long-term outages to individual servers, availability zones, and geographic regions. Knode.ai infrastructure and data are replicated in multiple geographic regions to ensure this level of availability. Knode.ai availability and status information can be found at status.Knode.ai.
7.2. Disaster Recovery
Knode.ai targets a Data Recovery Point Objective (RPO) of near-zero for at least 7 days and up to 24 hours beyond 7 days.
Due to the distributed nature of Knode.ai services, Recovery Time Objectives (RTO) are near-zero for geographic disasters. RTO for systemic disasters involving data recovery is targeted at 6 hours.
Knode.ai tests backup and recovery processes on at least a monthly basis.
7.3. Business Continuity
Business Risk Assessment and Business Impact AnalysisKnode.ai's risk assessment committee will include business risk assessment and business impact analysis for each Key Business System that is used by the organization. The outcome of ongoing risk assessments will update or create recovery plans for Key Business Systems and update the prioritization of systems compared to other key systems.
Distribution, Relocation, and Remote Work
Knode.ai prioritizes policies, tools, and equipment that enables independent, distributed remote work for all staff if emergencies or disasters strike. If the organization’s primary work site is unavailable, staff can work from home, or an alternate work site shall be designated by management.
Notification and Communication
Knode.ai has established internal communications using secure, distributed providers using industry-standard security protocols. Staff and management will be notified via existing channels during any emergency event or when any data recovery plan is initiated or deactivated.
Contact Information
Knode welcomes your questions or comments regarding this security statement. If you believe that Knode has not adhered to this statement, please contact Knode at security@knode.ai.