Infrastructure & Network Security
The security of our underlying infrastructure is a critical foundation of our platform. We employ a defense-in-depth strategy to protect our systems and your data, from the physical data center to the network layer.
Cloud Provider Security
Hund utilizes a multi-cloud strategy, hosting our services with major, best-in-class cloud providers. This approach enhances resilience and performance. All our providers are responsible for the physical and environmental security of our servers and maintain industry-leading compliance certifications, such as SOC 2 Type II and ISO 27001, which we review annually.
Network Security
Virtual Private Cloud (VPC)
Our entire production environment is deployed within a logically isolated Virtual Private Cloud (VPC). All internal network traffic, including communication between our application servers and databases, is restricted to this private network and is not exposed to the public internet.
Firewalls and Access Control
We use multiple layers of firewalls to protect our network. Access to our production environment is strictly controlled through security groups and network access control lists (ACLs). All administrative access requires secure, multi-factor, key-based authentication from a limited set of authorized IP addresses.
Application Layer Protection
Our services are protected by a multi-layered defense system at the application layer. This includes a Web Application Firewall (WAF), DDoS mitigation services, and robust rate-limiting controls to defend against brute-force attacks and other automated threats. Our firewalls are configured to block common web-based attacks, such as injection attacks and cross-site scripting (XSS).
Segregation of Environments
Our production and non-production (development, testing) environments are completely segregated. All development and testing occur on local workstations, which are physically and logically separate from the production environment. No production data is ever used in non-production environments.
System Hardening & Vulnerability Management
System Hardening
All our servers are built from hardened operating system images and are configured in accordance with the security best practices outlined in the Center for Internet Security (CIS) Benchmarks. This includes disabling unnecessary services and applying the Principle of Least Privilege.
Infrastructure as Code (IaC)
We exclusively rely on "coded" infrastructure for our primary application. Our entire production environment is defined and managed through industry-standard configuration management and provisioning tools. This Infrastructure as Code (IaC) approach ensures our systems are built in a consistent, repeatable, and auditable manner, which significantly reduces the risk of manual configuration errors. It also gives us the flexibility to redeploy our services rapidly across different cloud providers in an emergency, further enhancing our resilience.
Vulnerability & Patch Management
We employ automated tools to continuously scan our infrastructure for known vulnerabilities. Identified vulnerabilities are tracked, assessed based on risk, and remediated according to the strict SLAs defined in our internal Hardening Policy. Security patches for our operating systems and critical software are applied on a regular, documented schedule.