A common adage among cybersecurity professionals is that when it comes to data breaches, it’s not a matter of if, but when. Post-pandemic, this general truth has become even more pronounced as opportunistic cyber attackers continue to exploit vastly expanded attack surfaces brought on by the global shift to remote work and increased reliance on online services. Suffice to say, data security and privacy should be a foundational priority for every organization, regardless of size or industry. 

While sectors such as healthcare and manufacturing have recently experienced significant increases in the volume and severity of data breaches, banks, financial firms, and fintechs remain prime targets for malicious actors. The financial sector experienced its worst year yet in 2021, and 2023 is set to overtake the record number of data compromises. 2022 also saw a record median number of financial data breaches at 1,802. These troubling statistics highlight the importance of financial firms adopting a data-security focused enterprise risk management strategy to thrive in today’s rapidly evolving cyber threat landscape.  

At Akoya, strong data security is at the heart of everything we do, and our priority since day one has been protecting the data of our customers, partners, and team members while enabling them to innovate safely 

Akoya’s data security measures and protocols, as well as crucial facets of our data security and privacy programs and initiatives, are comprised of six non-exhaustive pillars covering critical areas for data security and privacy:  

  • Secure data handling
  • Encryption
  • Frameworks and architectures
  • Security models and protocols
  • Compliance and testing/audits
  • Human firewalls 

Our goal in developing and implementing these data security measures is to instill confidence in data providers and data recipients joining Akoya’s data access network and, more broadly, to bring about a safer and more cyber resilient Open Finance ecosystem. 

Secure data handling

Intended to protect both our organization and customers against evolving threats, Akoya maintains a policy defining strict requirements for information classification, labeling, handling, monitoring, and disposal (i.e., lifecycle management) for all Akoya data.  

Encryption

All data traversing our platform is encrypted in transit using industry standard encryption algorithms. Encryption at rest for customer data is not required because Akoya does not store personal customer data. 

Frameworks & architectures

Akoya adheres to industry standards for our systems and infrastructure to ensure that data is protected, users are safe, and businesses can thrive in an open market. Taking into consideration Akoya’s risk appetite, our policies are continuously guided by the following:  

Security models & protocols

Several prevailing security models are coming into the forefront, as old models such as perimeter-based security and “trust but verify” security models are increasingly ineffective at protecting data. For this reason, Akoya has adopted and integrated several innovative security models and protocols to keep its assets and data safe from unauthorized access. 

Zero Trust 

Akoya’s platform is built on the Zero Trust security framework.  Zero Trust requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.  

Least privilege 

Akoya access controls are based on the principle of least privileges.  Least Privilege access ensures users only have access to the resources they need to complete the task. It also only allows users access to the tools and applications they need for their specific job function.  

 Defense-in-depth 

We’ve incorporated defense-in-depth in our data security and privacy strategy, with the goal of creating multiple layers of controls for reducing cyber risk. The ability to ensure confidential/highly confidential data is private and protected from accidental or intentional disclosure is a critical control within a defense-in-depth security architecture.  

Compliance & testing/audits

The Akoya team has a strong commitment to maintaining the highest standards of privacy for all our systems, programs, and services. To this end, we work closely with the industry’s leading experts who help us stay on top of the latest trends in data security so that we can continue to offer the most secure technology available. We are constantly improving our security protocols to stay on top of new threats as they arise.  

For Akoya, attaining SOC 2 Type II attestation was critical to validating its information security and operational practices to both internal stakeholders and clients, despite not storing any sensitive client data in the cloud. As one of the most rigorous and well-regarded cybersecurity compliance standards, SOC 2 attestations (and related reports) are increasingly required by clients when evaluating a vendor’s ability to protect their data. 

Human firewalls

While it is often said that people are the weakest link in cybersecurity, at Akoya, we believe that an organization’s employees are its greatest defense. Our team members receive regular training in proper cyber hygiene, and our development teams are regularly trained and updated on the latest DevSecOps practices and tools. We're constantly improving and maintaining our security protocols and robust security program. Our dedicated teams of security experts work with our clients to ensure that their data is always protected. 

Akoya's approach to security

Akoya is committed to ensuring that our data security and privacy methodologies and controls are updated, and that our products are aligned with systems and infrastructure industry standards. We consider data protection instrumental to our success and will continue to evolve our efforts accordingly. 

For more information regarding Akoya’s approach to data security and privacy, please refer to our security page and security articles.