Secure by design.
That’s our commitment to you.
Endpoint Protection
We centrally manage all of our devices, enforcing policies related to security, patching, and encryption. Additionally, we filter out any malicious requests that could potentially harm our infrastructure.
Simulate and defend against attacks
To ensure the strongest system defences, we undertake third-party penetration tests with a certified assessor for every major release.
Secure by Design
We follow the 'least privilege' practice, meaning we only access what's necessary to satisfy a particular control. To ensure accountability and transparency, all activity is logged and periodically audited.
Cyber security training
To ensure our employees are equipped to recognise and respond to cyber security and phishing threats, we've partnered with a leading cyber security training company. This helps us maintain a vigilant and security-focused culture every day.
24/7 Security alerts
Middle actively monitors application and infrastructure security, availability and performance. Automated security testing is performed continuously, and we engage qualified third-party suppliers for penetration testing.
Prevent malicious attacks
To protect against malicious attempts to shut down our system, Middle utilises Distributed Denial of Service (DDoS) protection and network-level attack mitigation. Our Web Application Firewall (WAF) and machine learning-based mechanisms detect and block network attacks to keep our systems secure.
Middle implements the secure Transport Layer Security (TLS 1.2) encryption protocol to protect all data across our instances and databases. We also use Hardware Security Module (HSM) based encryption, which provides tamper-resistant encryption for added security.
Infrastructure as code (IAC)
By utilising Terraform, Middle is able to describe the state of our infrastructure as code. This approach enables peer-reviewed changes, template scanning for vulnerabilities, and fast recovery in the event of outages.
We use Shielded GKE Nodes, Confidential VMs, read-only file systems and 'distroless' containers to enforce integrity, confidentiality and protection of customer data.
Third Party Library Scanning & Static Code Analysis
We use leading third-party security solutions to ensure we don’t have vulnerabilities in our code base. We also perform static code analysis verifications that must be passed before any new code can be merged.
Secure development practice
We peer review and test our code prior to release, including manual and automated checks for security issues, and only release software after qualifying it in development and test environments.