# Security

Akamas takes security seriously and builds enterprise-grade software where customer data is kept safe at all times. This document provides security information for Akamas Insights, designed to help security teams and compliance officers understand the platform's security posture, data handling practices, and compliance considerations.

## Data Management

### Types of Data Handled

Akamas Insights processes and stores the following types of information:

**System Configuration and Performance Metrics**:

Akamas collects resource utilization and configuration data from your Kubernetes clusters and monitoring platforms. This includes CPU and memory usage patterns, pod and container metrics, node capacity information, workload configurations, and application runtime metrics such as JVM garbage collection statistics. The platform also captures metadata like cluster names, namespace identifiers, workload names, and resource request/limit configurations. This data enables optimization recommendations while containing no application-specific content or business logic.

**User Account Information**:

Akamas stores user authentication and session management data, including email addresses, display names, and secure session tokens. This information is managed through our authentication partner (Auth0) and is used solely for access control and user identification within the platform.

**Integration Credentials**:

Akamas uses API tokens, keys, and endpoint URLs to connect to your monitoring platforms (Dynatrace, Datadog, Prometheus, etc.). When configured, the platform may also store credentials for Git providers (GitHub, GitLab) to facilitate recommendation deployment workflows. All credentials are encrypted at rest and transmitted only over secure channels. When accessing these integration endpoints, we aim to minimize the required permission scope to what is actually needed to perform the integration actions.

### Data Not Collected

Akamas Insights does **not** collect, process or store:

* Application logs or log content
* Application data or database content
* Secrets or passwords from Kubernetes resources
* Network traffic content
* User activity within applications
* Personal data beyond that mentioned above

## Authentication and Access Control

### Authentication

Akamas Insights uses enterprise-grade authentication powered by Auth0, a leading identity management platform. All authentication flows follow industry best practices and comply with modern security standards including OAuth 2.0 and OpenID Connect protocols.

## Data Encryption

### Data in Transit

**HTTPS/TLS**:

* All communication between browser and Akamas Insights uses HTTPS with valid SSL/TLS certificates
* TLS 1.2 or higher enforced

**API Communications**:

* Connections to monitoring platforms (Dynatrace, Datadog, etc.) use HTTPS or the encryption method suggested by the monitoring platform vendor
* No sensitive data is transmitted in URL parameters

### Data at Rest

**Storage Encryption**:

* All metrics data and backup systems use encryption at rest
* Encryption keys are managed according to industry best practices

**Credentials Storage**:

* API tokens and keys stored in encrypted configuration files using secure key management
* Session tokens stored in browser cookies with Secure and HttpOnly flags
* No credentials stored in plain text or application logs

## Industry Certifications

Akamas Insights does not currently hold specific security certifications (PCI-DSS, HIPAA, SOC 2). Considering the kind of data that is managed within Akamas (see section "Types of Data Handled"), specific security certifications like PCI or HIPAA are not required as the platform does not manage payment or health-related information.

## Logging

Akamas Insights does not read or store any user application logs. Logs produced by the Akamas platform are managed by a log aggregation system that stores them securely. Logs are collected in standard formats and contain the information necessary to audit user actions and investigate any security or functional incidents.

## Code Scanning Policy

Akamas follows secure software development practices with automated code scanning integrated into the continuous integration pipeline. The development process includes:

* **Automated Security Scanning**: CVE analysis on every build and weekly scans
* **Security Standards**: Comprehensive checks against CVE, SANS Top 25, and OWASP Top 10

Security scan results are reviewed by the development team, and identified issues are prioritized based on severity and addressed according to established internal remediation timelines.


