Security & Privacy at TwelveLabs.
Our technology is moving fast.
Our security is right on track.
At TwelveLabs, we’re ensuring our technology remains safe even as we break new ground. We’re continuously improving our safeguards, meeting or exceeding industry standards, and monitoring our security posture to ensure that our models, our data and our customers are protected to the fullest extent.
Governance
TwelveLabs establishes policies and controls, monitors compliance with those controls, and proves our security and compliance to third-party auditors.
Data protection
TwelveLabs encrypts and protects sensitive information across the transformation and analysis process.
Access management & authentication
TwelveLabs’ platform provides full control of access to all hosted information
Software development practices
Security processes and have been integrated into the TwelveLabs software development processes.
Infrastructure security
TwelveLabs leverages Amazon Web Services (AWS) and we utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration.
Security awareness training
TwelveLabs’ security awareness training program educates employees on various security threats, risks, and preventive measures.
Governance
TwelveLabs establishes policies and controls, monitors compliance with those controls, and proves our security and compliance to third-party auditors.
Identity and least privilege: Access to data and resources should be attributed to an identity and limited to only those with a legitimate business need and granted based on the principle of least privilege.
Defense in-depth: Apply multiple layers of security controls.
Protect data in transit and at rest: Always protect data in-transit and at-rest from unauthorized access and/or modification.
Landscape evolution: Security controls should continuously be revised and improved to keep up with the ever evolving threat landscape.
Data protection
TwelveLabs encrypts and protects sensitive information across the transformation and analysis process.
Data in Transit - TLS 1.2 or higher for any data exchange over insecure networks.
Data at Rest - All data storage is encrypted at rest with AES 256-bit encryption at minimum.
Access management & authentication
TwelveLabs’ platform provides full control of access to all hosted information
Account Authentication: Enforce advanced authentication methods, using multi-factor authentication wherever possible.
Granular Access Control and Review: Role-based access, visibility and user access rights. Regular access review and analysis.
Audit and Access Logging: Detailed tracking and audit logging of all activities related to the application environment and administrative activity.
Software development practices
Security processes and have been integrated into the TwelveLabs software development processes.
OWASP based security controls design
Separation between dev, staging, and prod
Use of test data in development environment
Code peer review
Penetration testing
Code repository controls
Threat modeling
Deployment control
Infrastructure security
TwelveLabs leverages Amazon Web Services (AWS) and we utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration.
Network intrusion detection
Code vulnerability scanning
Penetration testing
System, network, application log analysis, reporting, and retention
Incident Response Planning & Team in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.
Security awareness training
TwelveLabs’ security awareness training program educates employees on various security threats, risks, and preventive measures.It aims to empower our team members with the knowledge and skills needed to identify and mitigate security issues effectively.
Regular third-party security
TwelveLabs identifies and evaluates security risks of vendors and third parties. Risk evaluation covers:
Access control to customer and corporate data
Integration with production environments
Third-party agreements: TwelveLabs has written agreements in place with vendors and related third-parties. These agreements include confidentiality and privacy commitments applicable to that entity.
