Behind the Scenes: Kratos Platform Security
February 25, 2022
By: Ashish Srivastava, Chief Commercial Officer
For Triterras, the security of our platform is both essential to our technology development process and a backbone of how we do business. My colleague Sri Vasireddy recently began a series of articles on how we are further developing our Kratos platform, and here I add insight into the platform’s security enhancements and accomplishments over the last year.
In 2021, Triterras achieved a major milestone with ISO/IEC 27001:2013 certification. ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. The certification also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
ISO/IEC 27001 is an internationally recognized management system for managing information security governance risk. The standard provides a best-practice framework, ongoing governance, and good management of the system to:
- Identify risks to a corporation’s information and minimize them
- Improve reputation and stakeholder confidence
- Increase information security awareness
- Reduce staff-related information security breaches
- Stay up-to-date and comply with relevant legislation
Triterras’ ISO 27001:2013 certification specifically applies to “the provision of a cloud-based commodity trading platform for traders, lenders, banks, insurers, and logistics companies. The ISMS covers all staff, infrastructure and assets.”
Another major platform security-related initiative we recently completed was to upgrade to Amazon Web Services (AWS) to host the Kratos platform as a cloud-based native application. Kratos is now containerized in the AWS infrastructure. This enhances Kratos security by placing it behind a robust “wall” of security tools and protections afforded by the best-in-class AWS infrastructure. The move mitigates a number of potential security issues. For example, as part of the move, Triterras also transitioned its platform blockchain structure from the Ethereum public blockchain to the AWS-managed Hyperledger private blockchain structure. The private Hyperledger blockchain structure offers greater security protections than the public Ethereum framework, while continuing to offer blockchain benefits to our customers.
Looking ahead, an ongoing security initiative will focus on VAPT (Vulnerability Assessment and Penetration Testing). Triterras has engaged a highly qualified third-party cybersecurity specialist consulting firm to perform a series of security tests and audits on the Kratos platform. The information gleaned is fed back to our team, whereby each identified potential security issue is addressed and mitigated. With the audits, we have created a continual feedback loop for identifying and addressing potential issues. The mitigation of these issues is reported to our leadership, including the Company’s Board of Directors.
In summary, while we have accomplished much in the last year, we will continue to make significant and critical investments to augment Kratos platform security. This is a shared responsibility of our Technology Development and Commercial Teams, and we invite you to follow our Insights blog to keep up to date with our future platform enhancement announcements.