Security & Accreditation

Security is embedded throughout the Modzy platform, APIs and SDKs, and through the power of adversarial defense

Security from the ground up. The Modzy AI Platform brings enterprise-grade authentication, authorization, and user management features to meet our customer’s stringent security, auditing, and governance requirements.

Crucial to this effort, the Modzy platform is robust, accessible, and secure – both for models deployed via the platform. Like all IT systems, the Modzy infrastructure has a limited number of privileged users. In an on-premise deployment, only privileged users, such as software administrators, would have access to model infrastructure on the Modzy platform. All other users would only be able interact with the Modzy platform, without access to the underlying model infrastructure.

In cloud-based deployments, Modzy’s own security credentials are augmented by the cloud providers’ access controls; this further reduces the number of people with access to the Modzy infrastructure. The result is a safe, secure infrastructure.

 

  • Our current infrastructure enforces least-privilege access while allowing negligible access opportunities for exploitation.
  • Modzy’s future infrastructure is taking our commitment a step further by including designs from Modzy Labs to leverage encryption schemes that will protect both our platform models and data running through it from future threats.

Today, least-privilege can be combined with negligible access times to minimize the ability to access the information and IP stored on Modzy. Modzy Labs is also researching other cutting edge techniques for AI security. 

API Security

Modzy is built to follow the Zero Trust model for securing modern applications. Not only will Modzy operate within the security environment of your on-premise data center or cloud-based infrastructure, but we add additional layers to ensure that your data is secure.

 

  • Authentication ties into your existing Identity Provider
  • API usage is controlled via API Keys which are always associated with a single person, and Role-Based Access Control to limit permissions to specific actions in the Modzy API
  • All Modzy services employ mutual TLS authentication which, combined with network policies, ensure that only the expected traffic from verified sources is allowed to traverse the network, and is end-to-end encrypted at all times
  • Comprehensive auditing of all API actions

 

Accreditation

The Modzy AI Platform is built to comply with a wide range of security standards, including those set forth by NIST, FISMA and FedRAMP. 

  • Access Control 
  • Awareness and Training 
  • Certification, Accreditation, and Security Assessment
  • Configuration Management
  • Contingency Planning
  • Identification and Authentication 
  • Incident Response
  • Maintenance
  • Media Protection 
  • Physical and Environmental Protection 
  • Planning 
  • Personnel Security 
  • Risk Assessment 
  • System and Services Acquisition 
  • System and Communications Protection
  • Systems and Information Integrity

 

Get Details on Quick Start Program