Ledidi uses a layered security architecture for defence in depth, combining state-of-the-art technologies with operational security to provide optimal data protection.
The platform is built on the secure global infrastructure of AWS, and the data is protected end-to-end with encryption of data in transit and at rest in combination with confidential computing to protect data in use. Industry standards are used for encryption, multi-factor authentication, logging, network configuration, backup, data recovery and prevention of attacks.
Secure Architecture: Key Facts
- End-to-end Encryption with Confidential Computing
All user data in Ledidi Core is protected end-to-end with encryption of data in transit and at rest, in combination with confidential computing, which protects data during processing. Ledidi uses AWS Nitro technology for confidential computing. This ensures that data processing is performed in a hardware-based, attested Trusted Execution Environment (TEE), which prevents all unauthorised access to, or modification of, code and data while in use. Confidential computing is recognised as “state-of-the-art” technology in GDPR terms by the European Union Agency for Cybersecurity (ENISA).
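The protective value of an attested TEE comes from the relying party checking the attestation before it hands over anything sensitive. The following is an added example, not Ledidi's code: a simplified release policy that gives a data key to a workload only when its attestation is fresh, answers the verifier's challenge, and reports the approved measurements. The attestation document, the PCR values and the key are all constructed for illustration; the example assumes the document has already been parsed and its signature verified against the vendor root of trust (real AWS Nitro attestation documents are COSE-signed CBOR, and that signature check, omitted here, must run first).

```python
"""Added example, not Ledidi's code: a policy gate that releases a data key only to
a workload whose TEE attestation matches the approved measurements.

Assumption (constructed for illustration): the attestation document has already
been parsed and its signature checked against the vendor root of trust, so it is
represented here as a plain dict. Unsigned PCR values prove nothing, so in a real
deployment the signature check precedes everything below.
"""
import hmac
import secrets

# Measurements of the one approved enclave image (constructed SHA-384 hex values).
# On Nitro, PCR0 covers the enclave image, PCR1 the kernel and bootstrap ramdisk,
# PCR2 the application; any change to the code changes these values.
APPROVED_PCRS = {
    0: "a" * 96,
    1: "b" * 96,
    2: "c" * 96,
}
MAX_AGE_SECONDS = 300  # reject attestations older than this (timestamps in seconds here)

# The key that unlocks the data set (constructed; a real KMS would hold it).
DATA_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


class AttestationError(Exception):
    """Raised when the attestation does not satisfy the release policy."""


def new_nonce() -> str:
    """Fresh challenge the verifier sends to the enclave before requesting attestation."""
    return secrets.token_hex(32)


def verify_attestation(doc: dict, expected_nonce: str, now: float,
                       approved: dict = APPROVED_PCRS) -> bool:
    """Return True if doc is fresh, answers our nonce, and matches approved PCRs.

    Raises AttestationError naming the first failing check so the caller can log
    why a release was refused, without releasing anything.
    """
    # 1. Freshness: a replayed attestation from an earlier boot must not pass.
    ts = doc.get("timestamp")
    if not isinstance(ts, (int, float)) or now - ts > MAX_AGE_SECONDS or ts > now + 5:
        raise AttestationError("attestation timestamp outside the accepted window")
    # 2. Challenge binding: the enclave must have embedded the nonce we issued.
    if not hmac.compare_digest(str(doc.get("nonce", "")), expected_nonce):
        raise AttestationError("nonce mismatch: attestation was not produced for this request")
    # 3. Measurements: every approved PCR must be present and identical.
    pcrs = doc.get("pcrs", {})
    for index, expected in approved.items():
        actual = pcrs.get(index)
        if actual is None:
            raise AttestationError(f"PCR{index} missing from attestation")
        if not hmac.compare_digest(str(actual).lower(), expected.lower()):
            raise AttestationError(f"PCR{index} does not match the approved enclave image")
    return True


def release_key(doc: dict, expected_nonce: str, now: float) -> bytes:
    """Hand out DATA_KEY only after verify_attestation succeeds."""
    verify_attestation(doc, expected_nonce, now)
    return DATA_KEY


def sample_attestation(nonce: str, now: float, pcrs: dict = APPROVED_PCRS) -> dict:
    """Constructed attestation document used by the demo and the tests."""
    return {"timestamp": now, "nonce": nonce, "pcrs": dict(pcrs)}


if __name__ == "__main__":
    nonce = new_nonce()
    now = 1_700_000_000.0
    print("approved image, key released:", release_key(sample_attestation(nonce, now), nonce, now).hex())
    tampered = sample_attestation(nonce, now, {**APPROVED_PCRS, 2: "d" * 96})
    try:
        release_key(tampered, nonce, now)
    except AttestationError as exc:
        print("refused:", exc)
```

The ordering of the checks is deliberate: freshness and nonce binding are cheap and stop replayed documents before any measurement comparison, and the comparison itself uses constant-time equality so the gate leaks nothing about how close a tampered value came.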
- Secure Network Configuration
The components of the solution are established and run on a separate logical network in AWS (a Virtual Private Cloud), and all components are protected by AWS security groups, which act as virtual firewalls. Security groups are applied at multiple levels so that each network zone contains only the components that need to be in that zone. AWS WAF provides additional protection against web attacks for the resources that have to be exposed on public networks, such as the APIs.
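A zoned security-group design only holds if the rules are periodically checked against it. The following is an added example, not Ledidi's code: an offline review of security-group ingress rules against a tiered policy in which each tier may accept traffic only from the tier in front of it and only the public tier may accept Internet traffic, and then only on approved ports. The group ids, tier names, ports and rules are constructed; the rule shape mirrors the `IpPermissions` structure that `describe_security_groups` returns (`IpRanges`, `Ipv6Ranges`, `UserIdGroupPairs`), so the same check can be run over a real export.

```python
"""Added example, not Ledidi's code: review AWS security-group ingress rules
against a zoned design. All ids, tiers and rules below are constructed.
"""
from typing import Dict, List, Set

# Zoned design (constructed): sources permitted to reach each tier's group.
# "internet" stands for 0.0.0.0/0 or ::/0 and is allowed only at the edge.
ALLOWED_SOURCES: Dict[str, Set[str]] = {
    "sg-edge": {"internet"},
    "sg-api": {"sg-edge"},
    "sg-db": {"sg-api"},
}
ALLOWED_INTERNET_PORTS = {443}  # the only TCP port the edge may expose publicly
ANY_CIDR = {"0.0.0.0/0", "::/0"}


def rule_sources(perm: dict) -> List[str]:
    """Flatten one IpPermission entry into a list of source labels."""
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return sources


def audit_security_groups(groups: List[dict],
                          allowed: Dict[str, Set[str]] = ALLOWED_SOURCES) -> List[str]:
    """Return one finding per ingress rule that violates the zoned design."""
    findings: List[str] = []
    for group in groups:
        gid = group["GroupId"]
        permitted = allowed.get(gid)
        if permitted is None:
            findings.append(f"{gid}: not covered by the zoning policy; review manually")
            continue
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol", "-1")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            ports = "all" if proto == "-1" else f"{proto}/{lo}-{hi}"
            for src in rule_sources(perm):
                if src in ANY_CIDR:
                    if "internet" not in permitted:
                        findings.append(f"{gid}: Internet ingress ({ports}) in a non-public tier")
                    elif proto != "tcp" or lo != hi or lo not in ALLOWED_INTERNET_PORTS:
                        findings.append(f"{gid}: Internet ingress ({ports}) beyond the approved ports")
                elif src.startswith("sg-"):
                    if src not in permitted:
                        findings.append(f"{gid}: ingress from {src} ({ports}) is not a permitted source")
                else:
                    # A raw CIDR inside the VPC bypasses the group-to-group zoning.
                    findings.append(f"{gid}: CIDR source {src} ({ports}); zoned design expects group references")
    return findings


# Constructed export: two deliberate violations in sg-db and one over-exposed port at the edge.
SAMPLE_GROUPS = [
    {"GroupId": "sg-edge", "GroupName": "edge", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-api", "GroupName": "api", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-edge"}]},
    ]},
    {"GroupId": "sg-db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-api"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-edge"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print(finding)
```

Running the audit over the constructed export reports the SSH port exposed at the edge, the database group accepting traffic directly from the edge tier, and the database group open to the Internet; the two clean rules (443 at the edge, 8080 from the edge into the API tier) produce no output. Groups absent from the policy are reported rather than silently accepted, which keeps an unmodelled component from becoming an unreviewed one.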
- Data Storage Location
All data is by default stored, processed and backed up in AWS data centres within the European Union.
- Backup and Data Recovery
All data is backed up at regular intervals. The platform has built-in restore capabilities, including the ability to rebuild in a separate cloud environment to ensure data availability and recovery.