EntryReady is dedicated to providing advanced, secure, and user-friendly access control solutions tailored for the hospitality industry. Our commitment to security and privacy is reflected in our comprehensive approach across several key areas:
Governance
Our Security and Privacy teams establish policies and controls, monitor compliance, and demonstrate our security posture to third-party auditors. Our foundational principles include:
- Access Control: Limiting access based on legitimate business needs and the principle of least privilege.
- Defense-in-Depth: Implementing layered security controls.
- Consistency: Applying security controls uniformly across the enterprise.
- Continuous Improvement: Iteratively enhancing control effectiveness and auditability while reducing friction.
Data Protection
- Data at Rest: All datastores containing customer data, including S3 buckets, are encrypted. Sensitive collections and tables utilize row-level encryption, ensuring data remains secure even with physical or logical database access.
- Data in Transit: We use TLS 1.2 or higher for data transmission over potentially insecure networks and employ features like HTTP Strict Transport Security (HSTS) to enhance security.
- Secret Management: Encryption keys are managed via AWS Key Management Service (KMS), with key material stored in Hardware Security Modules (HSMs). Application secrets are securely stored using AWS Secrets Manager and Parameter Store, with access strictly controlled.
Product Security
- Penetration Testing: We engage leading penetration testing firms at least annually to assess all areas of our product and cloud infrastructure. Summary reports are available upon request.
- Vulnerability Scanning: Our Secure Development Lifecycle (SDLC) includes:
  - Static Application Security Testing (SAST) during pull requests and ongoing development.
  - Software Composition Analysis (SCA) to identify vulnerabilities in our software supply chain.
  - Malicious Dependency Scanning to prevent malware introduction.
  - Dynamic Application Security Testing (DAST) of running applications.
  - Network Vulnerability Scanning on a periodic basis.
  - External Attack Surface Management (EASM) for continuous discovery of external-facing assets.
Enterprise Security
- Endpoint Protection: All corporate devices are centrally managed, equipped with mobile device management (MDM) software, anti-malware protection, and monitored 24/7. Secure configurations, such as disk encryption and software updates, are enforced.
- Vendor Security: We adopt a risk-based approach, evaluating factors like access to data and integration with production environments to determine vendor risk ratings and approval decisions.
- Secure Remote Access: Internal resources are secured using modern VPN platforms built on WireGuard, along with malware-blocking DNS servers to protect employees during internet browsing.
- Security Education: Comprehensive security training is provided to all employees upon onboarding and annually, supplemented by regular threat briefings and mandatory live sessions focused on secure coding principles for engineers.
- Identity and Access Management: Utilizing industry-leading identity management solutions, we enforce phishing-resistant authentication factors, primarily WebAuthn, and manage application access based on roles, with automatic deprovisioning upon employment termination.
Data Privacy
We prioritize data privacy, striving to be trustworthy stewards of all sensitive information.
- Regulatory Compliance: We continuously evaluate updates to regulatory and emerging frameworks to evolve our program.
For more detailed information, please visit our Privacy Policy.
EntryReady offers a suite of advanced access control solutions designed specifically for the hospitality industry, providing secure, efficient, and user-friendly systems to enhance guest experience and operational efficiency.