At Openpath, authorizing secure and appropriate access to private spaces — whether physical or digital — is the foundation of our business. We work relentlessly to ensure our platform and customer data are safeguarded with strong security measures and are protected from unauthorized and nefarious parties.
At Openpath, we work tirelessly to be vigilant in our awareness and prevention of the techniques used by hackers to exploit vulnerabilities and infiltrate systems, as well as potential threats on the horizon. Our Co-Founder and Chief Security Officer, Samy Kamkar, a renowned security researcher, dedicates his time to ensure technology companies and the greater public identify vulnerabilities and security gaps in access control, browsers, and other ubiquitous technologies, as well as to help patch them long before they can be discovered and exploited by hackers.
When it comes to the security of our customers’ systems and data, great care and diligence is taken.
Openpath employs many security measures to ensure our system and customers’ data are protected. These measures include items like mandatory multi-factor authentication, complex password requirements, enforced encryption of data in transit and at rest, strong and modern cryptographic protocols, constant internal vulnerability scanning, regular third party penetration testing, external security and compliance auditing (SOC2), environmental isolation, and the principle of least privilege, to name a few.
When it comes to customer data, we ensure that the customer is in control of their data and system. By default, our support team does not have the ability to control or unlock any customer systems, and customers have the capability to enable or disable our team’s ability to even have read access to their system. For example, this could be enabled temporarily to allow a representative to support the system or answer specific questions, and then disabled immediately after by the customer. Additionally, all activity performed on these accounts is stored in an immutable audit log, additionally accessible by the customer.
Internally, we maintain a vulnerability management and information security program to test and remediate any potential system vulnerabilities. As part of this program, the Security team performs constant internal vulnerability scans, uses multiple malware and antivirus scanning products.
In addition to internal vulnerability scans, the Security and Technology teams engage objective third party companies to perform annual penetration testing over our system and products. Our team takes immediate action on any potential risks and have maintained a high level of security with only low risk items ever discovered both internally and by third parties thus far.
Our commitment to our customers is to work hard every day to provide critical security measures and to stay ahead of new exploitation techniques and potential vulnerabilities. We will continue to provide strong systematic security measures that reduce or remove attack surface across our company and product.