Security

With Casie, you don’t need to choose between security and AI-powered productivity.

Vulnerability management

If you are a Casie user and you would like to report a vulnerability or have a security concern regarding Casie, please email security@casie.ai.

Casie's vulnerability management process is designed to remediate risks without customer interaction or impact. We are notified of vulnerabilities through internal and external assessments, system patch monitoring, and third-party mailing lists and services. Each vulnerability is reviewed, ranked based on risk, and assigned to the appropriate team for resolution.

Infrastructure

Physical security

Casie's physical infrastructure is hosted and managed within secure data centers and utilizes industry-standard technology. These data centers undergo regular assessments to ensure compliance. The data center operations have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX). These data centers are located in nondescript facilities with military-grade perimeter control berms and other natural boundary protections.

Environmental safeguards

Casie's data center vendor is equipped with automatic fire detection and suppression equipment to minimize the risk of fire-related incidents. The atmospheric conditions within the data centers are carefully maintained to ensure optimal levels of temperature and humidity. Data center personnel continuously monitor the electrical, mechanical, and life support systems to promptly identify and address any issues. Preventative maintenance is regularly performed to ensure the ongoing functionality of equipment and mitigate potential risks.

Data security

A private AI-based platform

Casie keeps knowledge base data and prompts secure and private. Each organization's data set is isolated and is not used in training data for any other organization. Customer data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application.

Backups

Casie ensures that data is backed up to secure, access-controlled, and redundant storage. Our platform allows for recovering databases and restoring system instances. In addition, our infrastructure is designed to be fault-tolerant and automatically replaces failed instances.

Network security

Firewalls

Casie implements firewalls to control access to systems from external networks and between internal systems. By default, all access is denied, and only explicitly allowed ports and protocols are permitted based on business requirements. Each system is assigned to a firewall security group based on its function, ensuring that access is restricted to the necessary ports and protocols to mitigate risk. Additionally, host-based firewalls are used to further isolate customer applications by restricting localhost connections over the loopback network interface and limiting inbound and outbound connections as needed.

DDoS Mitigation

Casie's infrastructure incorporates various DDoS mitigation techniques, including TCP SYN cookies and connection rate limiting. We maintain multiple backbone connections and internal bandwidth capacity that exceeds the bandwidth provided by Internet carriers. These measures help protect against DDoS attacks and ensure the availability of our services.

Spoofing and Sniffing Protections

To prevent IP, MAC, and ARP spoofing, Casie employs managed firewalls that actively monitor and block any attempts at spoofing on the network and between virtual hosts. Packet sniffing is also mitigated through infrastructure measures, such as the hypervisor, which ensures that traffic is only delivered to the intended interface. Additionally, Casie utilizes application isolation, operating system restrictions, and encrypted connections to further enhance security and mitigate risks at all levels.

Port Scanning

Port scanning is strictly prohibited within Casie's network. Any reported instances of port scanning are promptly investigated by our infrastructure provider. When port scans are detected, immediate action is taken to stop the scan and block access, ensuring the integrity and security of our systems.

System security

Casie maintains system configuration and consistency through standard, up-to-date images, configuration management software, and by replacing systems with updated deployments. System authentication requires a username and key. Password authentication is not allowed, which prevents password brute-force attacks.

Privacy

Casie has a published privacy policy that clearly defines what data is collected and how it is used. We take steps to protect the privacy of our users and the data stored within the platform. Some of the protections include authentication, access controls, data transport encryption, and the ability for users to encrypt stored data.

Employee screening and policies

As a company, Casie conducts pre-employment background checks on all employees and has security and acceptable use policies in place.

Customer security best practices

To ensure the security of your interactions with Casie, we recommend the following best practices:

  • Use strong passphrases for your Casie user account and SSH keys.

  • Be mindful of the security practices of any third-party services you choose to use with Casie.