Security is at the core of everything we do.
Our commitment to security is woven into every aspect of our platform, from infrastructure to application design.
Data Protection
We implement comprehensive data protection measures to ensure your information remains secure at every level.
Data at rest
All datastores containing customer data, including object storage and databases, are encrypted at rest using strong, industry-standard encryption algorithms.
Sensitive data is further protected with field-level encryption, ensuring confidentiality even within the storage layer. This means that neither physical nor logical access to the underlying infrastructure is sufficient to access your most sensitive information.
Data in transit
All data transmitted between systems, services, and users is encrypted in transit using strong, industry-standard protocols such as TLS 1.2 or higher.
We enforce secure transmission for all communications, including APIs and internal service calls, to prevent unauthorized interception or tampering. Additional measures such as HTTP Strict Transport Security (HSTS) help ensure the confidentiality and integrity of your data.
Secret management
Encryption keys are managed via a cloud Key Management System (KMS). The KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of the cloud provider and Cubewire.
The keys stored in HSMs are used for encryption and decryption via the cloud provider's KMS APIs. Application secrets are encrypted and stored securely via Secrets Manager, and access to these values is strictly limited.
Product Security
Our product security measures ensure robust protection against potential threats and vulnerabilities.
Penetration testing
We engage with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing partner is a leading expert in application security.
All areas of the Cubewire product and cloud infrastructure are in scope for these assessments, and source code is fully available to the testers in order to maximize effectiveness and coverage.
We make summary penetration test reports available via our Trust Center.
Vulnerability scanning
We require vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
Data Privacy
At Cubewire, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive data.
Privacy Principles
Cubewire complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988, ensuring robust data protection and privacy for all personal information we handle.
Regulatory compliance
Cubewire proactively monitors and adapts to changes in privacy regulations and emerging compliance frameworks, ensuring our practices remain up to date and aligned with global standards.
Enterprise Security
Our enterprise security program is designed to protect our corporate assets and customer data.
Endpoint protection
All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Secure remote access
Cubewire secures remote access to internal resources using identity-aware proxies, providing granular access control and strong authentication. We also use malware-blocking DNS servers to protect employees and their endpoints while browsing the internet.
Security education
Cubewire provides comprehensive security training to all employees upon onboarding and annually through educational modules. All new employees attend a mandatory live onboarding session centered around key security principles, and all new engineers attend a session focused on secure coding practices. Our security team shares regular threat briefings with employees to inform them of important security and safety-related updates.
Identity and access management
Cubewire uses Okta to secure identity and access management. We enforce phishing-resistant authentication factors, using WebAuthn wherever possible. Employees are granted access based on their role and are automatically deprovisioned upon termination. Further access must be approved according to the policies for each application.
Vendor security
Cubewire applies a comprehensive, risk-based approach to vendor security. Each vendor is assessed based on their access to sensitive data, integration with our production environments, and potential impact on the Cubewire brand.
After determining the inherent risk, we evaluate each vendor's security controls to establish a residual risk rating and make an informed approval decision.
Security Best Practices
Regular Audits
We conduct regular security audits and assessments.
Continuous Monitoring
Our systems are monitored 24/7 for potential threats.
Employee Training
All employees receive regular security training.
Incident Response
We maintain a comprehensive incident response plan.
Reporting Security Issues
If you discover a security vulnerability, please report it to our security team at support@cubewire.com. We take all security reports seriously and will respond promptly.
p8.io is the parent company of Cubewire. All products and services offered by p8.io, including Cubewire, are subject to and protected by the security, privacy, and compliance controls, policies, and certifications detailed in the Trust Center available at trust.p8.io. For legal and compliance purposes, all such controls apply to the entire p8.io group and its subsidiaries.