Security + Governance
Secure by design.
That’s our commitment to you.
Certified to safeguard your data
We've been certified by an independent audit firm for maintaining a SOC 2 Type 2 security standard. We also continuously maintain the security, availability, confidentiality and integrity of customer data.Our Stringent Security Controls
We've implemented automated alerts and evidence collection to monitor over 100 security controls, giving us the ability to confidently prove our security and compliance posture at any time. Further, our commitment to compliance and a security-first mindset is ingrained in our entire organisation.
Endpoint Protection
We centrally manage all of our devices, enforcing policies related to security, patching, and encryption. Additionally, we filter out any malicious requests that could potentially harm our infrastructure.
Simulate and defend against attacks
To ensure the strongest system defences, we undertake third-party penetration tests with a certified assessor for every major release.
Secure by Design
We follow the 'least privilege' practice meaning we only access what's necessary to satisfy a particular control. To ensure accountability and transparency, all activity is logged and periodically audited.
Cyber security training
To ensure our employees are equipped to recognise and respond to cyber security and phishing threats, we've partnered with a leading cyber security training company. This helps us maintain a vigilant and security-focused culture every day.Application & Data Security
24/7 Security alerts
Middle actively monitors application and infrastructure security, availability and performance. Automated security testing is performed continuously and we engage qualified third party suppliers for penetration testing.
Prevent malicious attacks
To protect against malicious attempts to shut down our system, Middle utilises Distributed Denial of Service (DDoS) protection and network-level attack mitigation. Our Web Application Firewall (WAF) and machine learning-based mechanisms detect and block network attacks to keep our systems secure.
Data encryption
Middle implements the secure Transport Layer Security (TLS 1.2) encryption protocol to protect all data across our instances and databases. We also use Hardware Security Module (HSM) based encryption, which provides tamper-resistant encryption for added security.
Our security and audit partners.
Infrastructure & Code Security
Infrastructure as code (IAC)
By utilising Terraform, Middle is able to describe the state of our infrastructure as code. This approach enables peer-reviewed changes, template scanning for vulnerabilities, and fast recovery in the event of outages.
Immutable environment
We uses Shielded GKE Nodes, Confidential VMs, read-only file systems and 'distroless' containers to enforce integrity, confidentiality and protection of customer data.
Third Party Library Scanning & Static Code Analysis
We use leading third-party security solutions to ensure we don’t have vulnerabilities in our code base. We also perform static code analysis verifications that must be passed before any new code can be merged.
Secure development practice
We peer review and test our code prior to release, including manual and automated checks for security issues, and only release software after qualifying it in development and test environments.
Got questions or concerns?
Please contact security@middle.finance if you any questions or concerns. To report urgent issues, please follow our Responsible Disclosure Policy