Overview
Codexium safeguards the infrastructure that underpins your applications, from networks and virtual machines to managed services. We employ layered controls across perimeter, network, host, and configuration management to reduce attack surface and contain threats.
Network Security
- All public endpoints are fronted by TLS-terminating gateways.
- Internal communication leverages private networking and segmented subnets.
- Security groups and firewalls enforce least-privilege routing between services.
- Cloud DDoS protections are enabled where applicable.
Host & Platform Hardening
- Preference for managed services over self-managed systems.
- Hardened base images, regular patching, and minimal open ports for compute workloads.
- Infrastructure as Code (IaC) defines network and host configuration, stored in version control and reviewed via pull requests.
Vulnerability Management
- Regular scanning of dependencies and base images.
- Prioritized patch cycles with out-of-band remediation for critical flaws.
- Integration of vulnerability findings into engineering workflows for rapid resolution.
Shared Responsibilities
Client
- Define environment boundaries and connectivity needs.
- Approve changes that may affect availability or risk posture.
Codexium
- Design secure architectures and maintain segmentation.
- Operate patching and hardening processes.
- Monitor infrastructure and respond to security alerts.
Cloud Provider
- Provide secure data centers and hypervisor isolation.
- Offer platform-level protections and audit logs.