Flare Kite CISO Information (Information Security)

Modified on Mon, 30 Dec, 2024 at 11:21 AM


Notices

Customers are responsible for making their own independent assessment of the information in this document. This document:

  1. Is for informational purposes only.
  2. Reflects Flare Kite's current product offerings and practices, which are subject to change without notice.
  3. Does not create any commitments or assurances from Flare Kite, its affiliates, suppliers, or licensors.

Flare Kite's products and services are provided "as is" without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of Flare Kite to its customers are governed by agreements in place and not by this document.


Abstract

This whitepaper provides a comprehensive overview of the Flare Kite service through a security lens. It is designed for Chief Information Security Officers (CISOs), information security groups, security engineers, enterprise architects, compliance teams, and other stakeholders interested in understanding the platform's security underpinnings.


Introduction

Flare Kite is a scalable SaaS monitoring platform used by IT teams and Managed Service Providers (MSPs) to achieve monitoring scalability, performance management, and cost efficiency. Flare Kite handles thousands of requests per second and serves millions of operations monthly, enabling customers to optimize support costs, reduce time to resolution, and enhance agility.

Built on a managed SaaS environment model, Flare Kite significantly reduces the attack surface and simplifies cloud security. This document outlines Flare Kite’s architecture, security, and compliance practices.


About Flare Kite Monitoring

Flare Kite is an event-driven SaaS monitoring solution powered by AWS Lambda. This serverless compute service ensures scale, performance, and security while automating backend processes such as server maintenance, capacity provisioning, and code monitoring. By leveraging AWS Identity and Access Management (IAM), Flare Kite provides fine-grained access control and compliance support.


Section 1: Serverless Platform

Serverless Technology

Flare Kite operates on highly available, fault-tolerant infrastructure spanning multiple AWS Availability Zones. AWS Lambda’s integration with CloudWatch, CloudTrail, and IAM enables robust monitoring, logging, and secure resource management.

Shared Responsibility Model

Flare Kite’s security and compliance model is shared with AWS:

  • AWS Responsibilities: Physical security, infrastructure, and environment management.
  • Flare Kite Responsibilities: Application code security, IAM management, and customer data protection.

Storage and State

Execution environments for Flare Kite’s Lambda functions are unique per version and customer, ensuring isolation and data security. Persistent data or state is used to optimize performance but is securely destroyed as part of the lifecycle.

Runtime Maintenance

AWS Lambda supports multiple programming languages, automatically updates runtime environments, and performs regular security scans to ensure patching and compatibility.

Auditing Functions

Flare Kite utilizes AWS services for monitoring and auditing:

  • Amazon CloudWatch: Tracks request metrics and errors.
  • AWS CloudTrail: Enables operational and risk auditing.
  • AWS X-Ray: Provides application performance analytics.
  • AWS Config: Monitors configuration changes and compliance.

Section 2: Datacenters

Site Selection

AWS selects datacenter locations based on rigorous environmental and geographic assessments to mitigate risks such as flooding and seismic activity.

Redundancy and Availability

  • Data centers are designed to handle failures through automated processes and load balancing.
  • Critical components are backed up across multiple Availability Zones to ensure service continuity.

Capacity Planning

AWS continuously monitors usage and deploys infrastructure to meet availability commitments.

Business Continuity & Disaster Recovery

AWS’s plans include simulations and documentation for handling disruptions. Pandemic response plans ensure critical business operations continue uninterrupted.

Access and Security

  • Physical Access: Restricted to authorized personnel, with multi-factor authentication and continuous monitoring.
  • Media Destruction: AWS follows NIST 800-88 standards for decommissioning storage devices.

Section 3: Application Development & Privacy

Development Lifecycle

Flare Kite follows DevSecOps principles, integrating security into CI/CD pipelines using Veracode. Automated security testing ensures rapid feedback and secure development practices.

Application Privacy

  • Data is encrypted in transit and at rest using AES-256.
  • Device data collection is strictly user-specified, preventing unauthorized network scans.
  • Communications are secured via HTTPS/SSL, with separate environments for MSPs to ensure data isolation.

Security Features

SaaS Layer Security

  • Encrypted communications via HTTPS/SSL.
  • Password encryption for all user roles.

Infrastructure Security

  • 24/7 intrusion detection.
  • IP and port-based firewalls.
  • Strict access controls.

Data Center Security

  • Monitored by AWS Security Operations Centers 24/7.
  • Equipped with fire detection, climate control, and backup power systems.

Software Application Security

  • Veracode Verified with regular vulnerability scans and mitigation reviews.
  • Comprehensive post-product security assessments.

Conclusion

Flare Kite delivers a secure, scalable, and compliant monitoring solution built on robust serverless technology and AWS’s world-class infrastructure. By adopting best practices in application development, privacy, and operational excellence, Flare Kite empowers organizations to achieve their goals with confidence.

For additional information, contact Flare Kite under NDA.
