In our previous article, we discussed the risks associated with storing crypto in a custodial wallet. In this article, we aim to outline how we mitigate those risks.
The Paybis wallet leverages the infrastructure provided by one of the industry leaders — Fireblocks. Fireblocks is renowned for its strong focus on security and safety.
Among the various security features that Fireblocks provides, the following are particularly noteworthy:
- SOC 2 Type II certification
- ISO 27001, ISO 27017, and ISO 27018 certifications
- MPC (Multi-Party Computation) technology
- Secure enclave
- Policy Engine
We will delve into each of these features in more detail below.
1. SOC 2 Type II certification is an auditing procedure that ensures a company securely manages data to protect the interests and privacy of its clients. It signifies that a service provider has passed an evaluation of its non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy over a specified period. This certification is a marker of trust and reliability for customers seeking secure and compliant cloud services.
2. ISO 27001 is an international standard for managing information security, ISO 27017 provides guidelines on the security aspects of cloud computing, and ISO 27018 establishes a code of practice for protecting personal data in the cloud. Together, these certifications demonstrate that an organization follows best practices in information security management, specifically within cloud services, ensuring the confidentiality, integrity, and availability of data. They are indicators of a company's commitment to implementing a comprehensive and continuously improving information security management system (ISMS).
3. MPC (Multi-Party Computation) technology is a cryptographic protocol that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. It enables secure, distributed decision-making and processing without a single point of failure or trust, enhancing the security of digital transactions and data sharing. This technology is particularly valuable for enhancing privacy and security in blockchain operations and secure data processing.
4. Layer 2 secure enclaves provide an advanced security feature where private key shares are stored in a protected area of the processor hardware, inaccessible to the operating system and immune to extraction by malware or hackers. The data within these enclaves is encrypted, ensuring its integrity even if the server is compromised. Fireblocks employs various secure enclave technologies, such as Intel SGX, AWS Nitro, and Hardware Security Modules (HSMs), to fortify private key management.
5. The Policy Engine is a security feature that allows organizations to implement tailored approval policies for each transaction. Users can configure a set of rules that govern the execution and authorization of transactions, ensuring compliance with the organization's specific security protocols and risk management strategies. This engine enhances control over transaction flows and reinforces operational security.
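The property described in item 3 (parties jointly computing a function while keeping their inputs private) can be shown with additive secret sharing. This is an added example, not Fireblocks or Paybis code; the modulus, function names and input values are assumptions chosen for illustration, and it shows the privacy property only, not a signing protocol.

```python
import secrets

# Public modulus (assumed for this example): arithmetic is done mod a prime.
P = 2**127 - 1


def share(value, n):
    """Split value into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts


def reconstruct(shares):
    """Combine all shares; anything fewer than all of them is useless."""
    return sum(shares) % P


def secure_sum(private_inputs):
    """Compute the sum of the parties' inputs without any party seeing another's input.

    Row i of `dealt` holds the shares party i created; column j is what
    party j receives (one uniformly random-looking value per sender).
    """
    n = len(private_inputs)
    dealt = [share(x, n) for x in private_inputs]
    # Each party adds up the shares it received and publishes only that partial sum.
    partials = [sum(dealt[i][j] for i in range(n)) % P for j in range(n)]
    return reconstruct(partials), dealt, partials


def consistent_last_share(known_shares, guess):
    """Show why n-1 shares leak nothing: for ANY guessed secret there is a
    final share that makes the known shares reconstruct to that guess."""
    return (guess - sum(known_shares)) % P


if __name__ == "__main__":
    inputs = [120, 45, 300]  # constructed sample values, one per party
    total, dealt, partials = secure_sum(inputs)
    print("joint result:", total)
    print("what party 0 received:", [row[0] for row in dealt])

    leaked = share(42, 3)[:2]  # an attacker holding 2 of 3 shares
    for guess in (7, 42, 99999):
        last = consistent_last_share(leaked, guess)
        print(guess, "is consistent:", reconstruct(leaked + [last]) == guess)
```

Compromising one party's machine yields only random field elements, which is the "no single point of failure" property the item refers to.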