Questions from CSOs

At Olympus-Grid, our entire security philosophy is rooted in the Principle of Least Privilege (PoLP). This means that every user, system, and application is granted only the minimum level of access required to perform their specific tasks. By limiting access to sensitive data and critical resources, we significantly reduce the potential attack surface and mitigate risks associated with unauthorized access or accidental misuse.

We implement PoLP through:

• Role-Based Access Control (RBAC): Permissions are tailored to roles, ensuring users only access what is necessary for their responsibilities.

• Scoped API Tokens: API interactions are restricted to predefined scopes, adhering to the least-privilege principle at every integration point.

• Granular Security Policies: Permissions are reviewed and refined regularly to adapt to changes in operational needs while maintaining strict controls.

This approach ensures a secure, streamlined environment while fostering trust and confidence in the platform's integrity.

Olympus-Grid is committed to ensuring the security of your data by leveraging the robust security models provided by your cloud providers. Whether your data resides in Salesforce, Firebase, DynamoDB, or CosmosDB, we work seamlessly within their established frameworks for data encryption at rest, ensuring your data meets the highest standards of security.

Key points about Olympus-Grid's security approach:

• Cloud-Provider Security First: We rely on your cloud provider's built-in encryption and security controls, such as AES-256 encryption for data at rest, to protect your data within their systems.

• Secure Data Exposure: Olympus-Grid securely integrates with your disparate data sources, enabling you to define and maintain your own storage policies while ensuring compliance with your organization’s requirements.

• No Customer Data Storage: Olympus-Grid does not store or process any customer data directly, ensuring that you retain full control over where and how your data is stored.

For organizations using our managed-service offering, Olympus.ai, additional details on security practices and data handling can be obtained by contacting us at info@olympus-grid.com. This commitment ensures that you can confidently manage your data, knowing it is secure within your own trusted cloud ecosystems.

At Olympus-Grid, we prioritize the security of data in movement by implementing best-in-class encryption protocols and secure communication practices across every layer of our technology stack. This ensures that sensitive information remains protected from unauthorized access during transmission.

Our approach includes:

• End-to-End Encryption: All network communication between Olympus-Grid components and external systems is secured using HTTPS (TLS 1.2 or higher), ensuring data integrity and confidentiality throughout its journey.

• Protection of PII: Personally Identifiable Information (PII) is safeguarded by encrypting it before storage or transmission. PII is stored securely in encrypted cookies and session storage, reducing exposure to potential threats.

• Secure Session Management: Session cookies are encrypted and configured with security attributes such as HttpOnly and Secure, preventing unauthorized access or tampering during transit.

• Layered Security Controls: By combining encryption at multiple levels and maintaining strict access controls, we ensure that your data is secure whether it's being transmitted between systems, processed within applications, or accessed by authenticated users.

Olympus-Grid is designed to meet and exceed your security expectations, ensuring that data in motion is always protected against modern cyber threats.

At Olympus-Grid, we take the security and integrity of our source code very seriously. Our robust source control practices are designed to ensure that all code contributions are authentic, secure, and meet our strict quality standards. Here’s how we handle our source code:

• Strict Source Control System: All source code is managed in a secure, centralized source control system that enforces role-based access control and adheres to industry best practices.

• Developer-Signed Commits: Every code commit is cryptographically signed by the contributing developer to verify authenticity and prevent unauthorized changes to the codebase.

• Secure Offshore Access via Jump Boxes: For offshore developers, access to repositories is restricted through secure jump boxes with multi-factor authentication (MFA), ensuring all access is monitored and tightly controlled.

• Peer Review for Pull Requests: Every pull request undergoes a thorough review by a peer developer to ensure code quality, functionality, and security compliance. No changes are merged into the codebase without explicit approval from at least one qualified peer.

• Package Creation and Distribution Approval: Any packages created from the source code must pass an additional approval process:

  • Product Manager Approval: Ensures alignment with product goals, business requirements, and user expectations.

  • Technical Architect Approval: Ensures adherence to architectural standards, performance, and security requirements.

These measures create a secure and collaborative development environment, ensuring that Olympus-Grid maintains the highest standards of code quality and security at every step of the software development lifecycle.

• Philosophy: Trust no one, verify everything. Every user, device, and application must continuously authenticate and prove their identity, regardless of whether they are inside or outside the network perimeter.

• Principles:

  • Micro-segmentation to isolate resources.

  • Continuous monitoring of user behavior and device health.

  • Explicitly verify every request before granting access.

• Philosophy: Layered security controls protect against breaches even if one layer is compromised.

• Principles:

  • Use multiple security measures such as firewalls, intrusion detection systems, endpoint protection, and encryption.

  • Enforce redundancy to mitigate single points of failure.

  • Overlap responsibilities across layers (e.g., encrypt data at multiple layers).

• Philosophy: Security is not an afterthought; it is integrated into every stage of the development lifecycle.

• Principles:

  • Use threat modeling during design phases to predict vulnerabilities.

  • Automate security tests in CI/CD pipelines (e.g., static/dynamic analysis, vulnerability scanning).

  • Adopt secure coding practices to minimize common vulnerabilities (e.g., SQL injection, buffer overflows).

• Philosophy: Be prepared for inevitable security incidents with robust detection, response, and recovery mechanisms.

• Principles:

  • Maintain a tested incident response plan.

  • Log and monitor all critical events to detect threats in real time.

  • Build failover and disaster recovery mechanisms to minimize downtime.

• Philosophy: Centralize identity management while enforcing strong access controls.

• Principles:

  • Use Single Sign-On (SSO) and Multi-Factor Authentication (MFA).

  • Implement dynamic access controls based on risk scoring.

  • Regularly audit and revoke unnecessary access rights.

• Philosophy: Systems and software are configured to minimize vulnerabilities and ensure compliance with security standards.

• Principles:

  • Harden all system configurations (e.g., disable unused ports, protocols, and services).

  • Maintain an inventory of software and hardware configurations.

  • Enforce compliance using tools like Infrastructure as Code (IaC) with built-in security checks.

• Philosophy: Continuously identify, assess, and remediate security vulnerabilities.

• Principles:

  • Regularly scan for vulnerabilities in infrastructure, dependencies, and code.

  • Apply patches promptly to address known vulnerabilities.

  • Prioritize remediations based on risk impact.

• Philosophy: Protect against risks introduced through third-party dependencies and vendors.

• Principles:

  • Verify package integrity with checksums and signatures.

  • Enforce strict version controls for third-party libraries.

  • Audit vendor and partner security practices.

• Philosophy: Collect and retain only the data necessary for your operations to reduce risk exposure.

• Principles:

  • Limit data retention periods and anonymize data where possible.

  • Avoid collecting sensitive data unless absolutely necessary.

  • Regularly purge obsolete or redundant data.

• Philosophy: People are the weakest and strongest link in security; train them to recognize threats.

• Principles:

  • Conduct regular security training for employees, developers, and stakeholders.

  • Simulate phishing attacks to raise awareness.

  • Foster a culture of responsibility and accountability.

• Philosophy: Security measures should be auditable to demonstrate compliance and detect issues proactively.

• Principles:

  • Maintain tamper-proof audit logs for all critical operations.

  • Regularly audit security practices against compliance standards (e.g., SOC 2, ISO 27001).

  • Enable customers and stakeholders to review and understand your security practices.

• Philosophy: Stay ahead of emerging threats by monitoring the security landscape.

• Principles:

  • Integrate threat feeds and intelligence services into security operations.

  • Leverage machine learning for anomaly detection and predictive analysis.

  • Update security protocols to counteract new vulnerabilities and attack methods.

• Philosophy: Incorporate privacy protections into the system’s architecture to protect user data from collection to deletion.

• Principles:

  • Implement data masking and pseudonymization techniques.

  • Provide transparency to users about how their data is used.

  • Build systems that support data subject rights, such as the right to access, modify, or delete their data.

Olympus-Grid employs industry-standard encryption protocols to safeguard data. Data in transit is protected using TLS 1.2 or higher, ensuring secure communication between clients and servers. For data at rest, Olympus-Grid utilizes AES-256 encryption, ensuring that stored data remains secure against unauthorized access.

Access to sensitive data within Olympus-Grid is governed by strict access control policies. Role-based access control (RBAC) ensures that users have only the permissions necessary for their roles. Additionally, multi-factor authentication (MFA) is implemented to add an extra layer of security, reducing the risk of unauthorized access.

Olympus-Grid is designed to comply with major industry standards and regulations, including GDPR, HIPAA, and ISO 27001. Regular audits and assessments are conducted to ensure ongoing compliance, and the platform is updated as necessary to adhere to evolving regulatory requirements.

Yes, Olympus-Grid provides comprehensive logging and monitoring features. Security events are logged in real-time, and the system integrates with Security Information and Event Management (SIEM) solutions to facilitate rapid detection and response to potential security incidents.

Olympus-Grid follows a proactive approach to vulnerability management. Regular vulnerability assessments and penetration tests are conducted to identify potential weaknesses. When vulnerabilities are discovered, patches are developed, tested, and deployed promptly to mitigate risks.

Third-party integrations with Olympus-Grid are subjected to rigorous security evaluations. APIs used for integrations are secured using OAuth 2.0, and data exchanged with third-party services is encrypted. Additionally, third-party vendors are assessed for their security practices to ensure they meet Olympus-Grid's security standards.

User activities within Olympus-Grid are continuously monitored. Anomalies such as unusual login attempts or data access patterns trigger alerts for further investigation. Audit logs are maintained to provide a detailed record of user actions, supporting both security monitoring and compliance requirements.

Yes, Olympus-Grid includes data loss prevention features designed to protect sensitive information. Policies can be configured to prevent unauthorized sharing or transmission of confidential data, and automated actions can be triggered when potential data loss incidents are detected.

Regular backups of data are performed to ensure data integrity and availability. Backups are encrypted and stored securely to prevent unauthorized access. The backup process is automated, and restoration procedures are tested periodically to ensure data can be recovered in the event of a disaster.

Olympus-Grid offers robust support for incident response. In the event of a security incident, a dedicated response team is available to assist with investigation, containment, eradication, and recovery efforts. Post-incident analyses are conducted to identify root causes and implement measures to prevent future occurrences.

User input is sanitized and validated using both client-side and server-side measures. In the React.js frontend, we ensure user inputs are escaped to prevent the injection of malicious code. Input validation is performed through controlled form elements, validation libraries, and additional sanitization functions to ensure inputs conform to expected formats. Inputs are also revalidated in the backend to prevent bypassing client-side controls.

React’s design inherently mitigates many DOM-based XSS vulnerabilities by escaping and encoding content by default. Specifically, all dynamic content is automatically escaped unless explicitly rendered using dangerouslySetInnerHTML. Our application avoids the use of dangerouslySetInnerHTML entirely to reduce exposure to DOM-based XSS. Regular code reviews and security scans ensure no new vulnerabilities are introduced inadvertently.

Yes, Olympus-Grid leverages Salesforce’s built-in Content Security Policies (CSP) to protect against XSS and other browser-based attacks. CSPs restrict the sources from which scripts, styles, and other resources can be loaded. For the Olympus-Grid frontend, additional CSP headers are being evaluated and can be customized to align with client requirements for added security.

To prevent abuse of serverless functions, Olympus-Grid implements rate-limiting and throttling mechanisms. For example:

• API Gateway Throttling: Maximum request rates are enforced to limit the number of requests per user or IP address within a specific time frame.

• Function Quotas: Execution quotas are configured to prevent excessive function invocations and protect against unexpected costs.

• Abuse Monitoring: Requests are monitored for unusual patterns, and flagged IPs or users are automatically blocked. Future updates will include advanced techniques such as dynamic throttling based on user roles and request importance.

Environment variables and secrets are securely stored and managed in the Salesforce backend. They are accessed through scoped API calls that retrieve them on-demand, ensuring they are not hard-coded into the application. User authentication tokens are temporarily stored in browser storage (localStorage/sessionStorage) and are encrypted before use. We are currently transitioning to secure, short-lived tokens combined with HTTP-only cookies to further enhance security.

Apex code is reviewed and tested for vulnerabilities using static code analysis tools like Salesforce’s Code Analyzer and Checkmarx. Specific measures to prevent SOQL injection include:

• Using bind variables in SOQL queries to sanitize inputs.

• Applying field-level security (FLS) and object-level security (OLS) checks.

• Conducting peer reviews of Apex code to identify potential vulnerabilities.

Olympus-Grid employs scoped OAuth tokens to control access to Salesforce APIs. These tokens are configured with the least-privilege principle, granting only the permissions required for the requested operations. Additional validation checks are performed at the API gateway level to enforce granular access controls.

All data transmitted between Olympus-Grid components and external systems is encrypted using TLS 1.2+ to ensure secure communication. For data stored within Salesforce, Salesforce Shield ensures encryption at rest for sensitive fields and records. The encryption follows industry standards such as AES-256.