Security Best Practices Checklist | Skyflow

At Skyflow, we go above and beyond industry security requirements to ensure that your data is secure. Here is a checklist of our security best practices that you can use for your implementation.

IAM
- Differentiate between user and applications accounts.
- Ensure your service accounts and user permissions follow the principle of least privilege. In other words, give the lowest privileges possible so that access is granted only for necessary permissions.
- Define personas and proper unique users and service accounts for usages.
- Separate accounts for administration vs application runtime.
- API keys don’t expire. In some instances, this is a convenience in terms of usability. However, the onus is on you and your partners or customers to protect the API key and monitor its usage securely.
- For service accounts, set a reminder for the one-year credential expiration.
- Secure service account credentials by storing them in designated secret stores with built-in security, and securely pass info to runtime applications (for example, by using environment variables).
Governance
- Define proper governance policies for different functional roles and applications.
- Create new custom roles as needed to specify exactly who gets which privileges.
- Rotate service account keys before their expiration date.
Tokens
- Secure your data tokens as if they were sensitive security data. In other words, allow only authenticated users, and use proper access control to restrict who can see which tokens on a need-to-know basis only.
- If possible, use UUID4 format tokens to allow for maximum entropy. This is the Skyflow out-of-the-box option.
Integration
- Use content security policy directives to secure content in SDK iframes.
Monitoring
- Integrate the Skyflow Audit Log API into your SIEM to analyze and detect abuses or anomaly behavior.
Network
- Provide network IPs of API clients or setup AWS PrivateLink, where applicable, to further restrict and secure data traffic.