Data is the foundation of enterprise decision making. Data is a factor in enterprise competitiveness, in regulatory considerations, and is reflected in capability planning. As industries such as energy and manufacturing digitize, data becomes more accessible and usable. Readily available data that can be analyzed leads to operational improvement. But with digitization comes vulnerability. We all now experience and witness cyber-attacks on a daily basis.
The security, confidentiality, integrity, and availability of C3.ai applications are vital to the success of our customer’s business operations. C3.ai meets these requirements through a unified, cohesive product suite that uses a scalable and secure model. C3.ai implements a rigorous cyber security regimen to protect critical systems and information assets, constantly monitoring and improving applications, systems, and processes to meet the constantly changing demands and challenges of security.
The C3.ai Cyber Security regimen has been developed to comply with—and exceed—all applicable legal and regulatory requirements. This regimen includes a comprehensive set of cyber security controls and business processes based on several industry and governmental frameworks and best practices. These include:
- NIST (National Institute of Standards and Technology) best practices and OWASP (Open Web Application Security Project) adherence.
- HIPAA Privacy Rule and the HIPAA Security Rule compliance for privacy and security of health information and records.
- GDPR adherence for data protection and privacy in the EU.
- Security FedRAMP High Compliance and L5 DoD classification for minimum security cloud services requirements for data processed, stored, and transmitted. C3.ai has a High classification across confidentiality, integrity, and availability dimensions (High-High-High).
C3.ai uses state-of-the-art AI endpoint protection, intrusion detection and prevention (IDS/IPS), and multi-factor authentication to secure the network perimeter. Other security measures include:
- Security information and event management (SIEM) and continuous event logging: SIEM provides real-time analysis of security alerts generated by applications and system hardware.
- Vulnerability scanning to determine if and where a system can be exploited and/or threatened.
- Data loss prevention and protection system (DLP) to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
- Role-based access control (RBAC) and least-privilege access to ensure users have precisely the amount of privilege/access necessary to perform a job.
- Encryption of data at rest and data in transit.
- Network segregation rulesets for controlling the communications between specific hosts and services.
In addition to automated and manual scanning, C3.ai retains professional hacking experts and researchers to attack the C3 AI Suite networks. These “black hat” experts continuously probe the C3 AI Suite to look for vulnerabilities, so they can be immediately addressed.
With these rigorous security measures, adherence to security frameworks, and security testing, C3.ai maintains the highest levels of security for customer operations.