Moneta takes our system and data security seriously. Find out how Moneta deals with our system and data security to protect your personal data and applications.
Moneta Systems are hosted on a Virtual Private Cloud on Amazon Web Services (AWS) and Google Cloud Service (GCP), which provide a highly secure and scalable technology platform so that we can deliver our services to you securely and reliably. You can find out more about the secure infrastructure of both providers under AWS Security and GCP Security.
The Moneta Network Security Team has deployed a Defence in Depth architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network.
Our infrastructure on GCP is launched in compliance with the GCP Cloud Architecture and, from the security perspective, incorporates practices from GCP Security and compliance. Our infrastructure on AWS is in compliance with the AWS Well Architected Framework and, from the security perspective, incorporates practices from the AWS Cloud Adoption Framework.
The Moneta development team builds Moneta applications with a 3-Tier Architecture which incorporates best practices from various standards and certifications.
The Moneta Network Team has deployed strict network segmentation and isolation of environments and services in Moneta Cloud Applications.
We use industry-leading solutions for anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.
All our servers are launched using the Center for Internet Security Benchmarks for GCP and AWS.
We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis.
We use key management services to restrict access to data to the data team only.
Stored data is protected by encryption at rest, and sensitive data by application-level encryption.
We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.
We have deployed mature Change Management processes which enable us to release thoroughly tested features both reliably and securely, so that you can access the Moneta Services with maximum assurance.
We take a very aggressive stance on Incident Management for both system downtime and security, and have a Network Operations Center and an Information Security Management System in place that quickly react to, remediate or escalate any incidents arising out of planned or unplanned changes.
We have an in-house network security team which uses industry-leading products to conduct manual and automated VA/PT activities.
We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration / continuous deployment pipeline.
We also leverage regular security auditing, with CERT-IN certified auditors from India performing periodic external security testing and audits.
We use CyberSource as our payment gateway and ensure PCI compliance with CyberSource, which means we have implemented the applicable industry-standard security controls governed by the PCI council that help us protect all our customers' card data in a highly secure manner.
We are working on LankaClear compliance for the Application Security Standard in Sri Lanka.
All compliance/audit statuses will be updated in this section of this policy.
We at Moneta are committed to our customers' data and privacy.
We blend security into multiple steps within our products, using state-of-the-art technology, to ensure our systems maintain strong security measures.
The overall data and privacy security design allows us to defend our systems against everything from low-hanging issues up to sophisticated attacks.
If you are a security enthusiast or a researcher and you have found a possible security vulnerability in Moneta products, we encourage you to report the issue to us responsibly.
You can submit a bug report to us at email@example.com with the detailed steps required to reproduce the vulnerability.
We will make our best effort to investigate and fix legitimate issues within a reasonable time frame, and request that you not publicly disclose the issue in the meantime.