Precog Express Security

Authentication

Precog Express uses Auth0 for authentication. This lets customers integrate their existing investments and authenticate securely to the Precog Express application, without costly or complex integrations to enable single sign-on.

Web Portal Security

All connectivity to the Precog Express application is encrypted by default. To offer the best protection to our customers, Precog Express supports TLS 1.2+. To protect your data and access to the system, no older protocols are supported. Any connection to the portal on a non-encrypted channel is redirected to an encrypted connection.

Connectors and Data Destinations

Precog Express uses encrypted connections by default. This ensures that your data is encrypted while in flight and cannot be read by anyone else. Encryption applies both when pulling data from your selected SaaS or other data source and when transmitting it to your selected data destination.

Precog Express Access Requirements

Precog Express does not require any access other than READ access to a data source.  The system is designed to read the data and not modify the data in its original source.  For access to destinations, Precog Express requires creation rights in the destination.  The solution must be able to CREATE a schema, CREATE the tables in the data destination and then WRITE to the tables created.  The account must also grant the ability for the Precog Express solution to read the tables that were written.

Customer Data Storage and Security

Precog Express ensures data at rest is encrypted with industry-standard AES-256 encryption. Data that is transmitted through the Precog Express environment is NOT stored long term. The data is temporarily staged in an encrypted storage location where access is minimized. Each customer's data is logically isolated to ensure it cannot be accessed by other customers. Only trained Precog employees may access the location when trying to troubleshoot transmission problems. The data is temporarily staged until it can properly be transmitted to the customer’s selected destination. All data stored in these locations is automatically purged 14 days after its initial creation.

For all customers transmitting data through the Precog Express solution, all source and destination access credentials or access keys are retained securely in an encrypted database. This ensures continued operation and transmission of the customer’s data. The customer can update these credentials and access keys at any time, so they can be rotated as needed. The database storing all customer configurations is backed up, and the backups are encrypted for added protection.

Platform Security

Precog Data, Inc. believes strongly in protecting our application and your data privacy. The back-end infrastructure is built on a cloud-first principle. Access to the core hosting platform requires MFA, and no administrative access is permitted without MFA. Access to the back end is managed via roles, and all access is set up as least privilege to ensure that individuals are granted only the minimal access necessary to complete their required tasks.

The back-end systems are hardened to industry-standard security benchmarks and monitored for constant compliance with those benchmarks. The solution's logs are centralized, allowing for rapid troubleshooting of problems and easy analysis of logs for security events. Systems are monitored with automated alerts for both security and performance-related issues.