AI security from the ground up. The Modzy Platform brings enterprise-grade authentication, authorization, and user management features to meet our customer’s stringent security, auditing, and governance requirements.
Crucial to AI security, the Modzy platform is robust, accessible, and secure, in addition to providing an added layer of security for models deployed via the platform. In an on-premise deployment, only privileged users, such as software administrators, would have access to model infrastructure on the Modzy platform. All other users would only be able interact with the Modzy platform, without access to the underlying model infrastructure.
In cloud-based deployments, Modzy’s own security credentials are augmented by the cloud providers’ access controls; this further reduces the number of people with access to the Modzy infrastructure. The result is a safe, secure infrastructure.
Today, least-privilege can be combined with negligible access times to minimize the ability to access the information and IP stored on Modzy. Modzy Labs is also researching other cutting edge techniques for AI security.
API Security for AI
Modzy is built to follow the Zero Trust model for securing modern applications. Not only will Modzy operate within the security environment of your on-premise data center or cloud-based infrastructure, but we add additional layers to ensure both data and AI security.
- Authentication ties into your existing Identity Provider
- API usage is controlled via API Keys which are always associated with a single person, and Role-Based Access Control to limit permissions to specific actions in the Modzy API
- All Modzy services employ mutual TLS authentication which, combined with network policies, ensure that only the expected traffic from verified sources is allowed to traverse the network, and is end-to-end encrypted at all times
- Comprehensive auditing of all API actions
Modzy is built to comply with a wide range of security standards for software products, including those set forth by NIST, FISMA and FedRAMP.
- Access Control
- Awareness and Training
- Audit and Accountability
- Security Assessment and Authorization
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Media Protection
- Physical and Environmental Protection
- Personnel Security
- Risk Assessment
- System and Services Acquisition
- System and Communications Protection
- Systems and Information Integrity