1. Security Philosophy
At Aka Aoi Security, our primary operational directive is ensuring the bulletproof confidentiality, absolute integrity, and immediate availability of all client, partner, and internal systems. Security is not an overlay; it is the fundamental core of our design, implementation, and deployment processes.
Our architecture is aligned with ISO 27001, SOC 2 Type II, and NIST Cybersecurity Framework requirements.
2. Data Protection
We implement industry-leading data lifecycle protection controls:
- Encryption in Transit: All connections to our network endpoints use TLS 1.3 or high-strength TLS 1.2 with HSTS. Unencrypted HTTP endpoints are blocked by default.
- Encryption at Rest: Storage pools, databases, backups, and client-facing diagnostic storage nodes utilize AES-256 with key management cycles updated annually.
- Data Separation: Client deliverables and telemetry reports are isolated in separate logical namespaces to prevent cross-contamination or unauthorized access.
3. Infrastructure Security
We leverage secure cloud architecture and continuous workload analysis to protect our operations:
- Zero Trust Network Access: We operate on a strict Zero Trust framework. Multi-factor authentication (MFA) is mandatory for all access points.
- Telemetry and Monitoring: Real-time event logging is fed to our automated SOC pipelines. System behavior is continually inspected at the kernel level via eBPF.
- Immutable Configurations: Infrastructure is provisioned using secured, code-reviewed Infrastructure as Code (IaC) templates, preventing manual configuration drift.
4. Application Security and Secure SDLC
Our software engineering practices enforce safety boundaries throughout the build phase:
- Secure Coding Standards: We maintain a strict Secure Software Development Life Cycle (S-SDLC). All software components undergo static (SAST) and dynamic (DAST) analysis prior to deployment.
- Dependency Validation: We scan third-party imports and build outputs continuously, maintaining cryptographically signed Software Bills of Materials (SBOMs).
- Continuous Retesting: Our internal red and purple teaming components perform continuous, targeted offensive security testing on our own systems.
5. Vulnerability Disclosures
We appreciate the collaborative support of the security research community. If you identify a security issue in our systems, please refer to our Responsible Disclosure Policy to submit a report safely and securely.