Security, Compliance, Isolation & more

Security & Compliance

Quickwork incorporates bank-level security by adopting various mechanisms and security practices to keep your data and connections safe. Whether you are operating with Quickwork Cloud or Quickwork Self-Managed instances, these security practices come pre-packaged with the application. All communication from the internet to Quickwork and within Quickwork’s microservices is encrypted with TLS 1.2+. Mutual TLS is used to ensure that intercommunication between internal services also remains encrypted. Quickwork remains SOC2 Type II compliant and ISO/IEC 27001:2022 certified, vetted, and verified by external auditors.

While Quickwork strives to avoid storing customer credentials and prefers using authentication via OAuth, in some cases where service accounts or OAuth are not possible, Quickwork stores these credentials on behalf of the user in an encrypted vault. These values use encryption keys managed via key management tools, and enterprise customers are allowed to bring their own keys to encrypt their data and credentials.

Execution Isolation & Container Security

In terms of isolation, Quickwork executes every transaction of each workflow in a dedicated container. This provides isolation for each transaction from a memory and compute perspective, ensuring that data always remains in the container dedicated to your transaction and is terminated to free up resources when not in use. Furthermore, Quickwork patches critical and high vulnerabilities as soon as they are made available and known to have an exploit. However, since it is not always possible to quickly patch every vulnerability, Quickwork ensures the use of the right security standards, practices, and tools to mitigate the impact of zero-day or known vulnerabilities. These measures include incorporating IDS and IPS, distroless image containers with read-only file systems, minimal security privileges, and restricted network communication capabilities.

Access Controls & Deployment Boundaries

Quickwork employees do not have access to any customer resources unless given explicit permission by the user. For self-managed modes, whether air-gapped or non-air-gapped, Quickwork has no access to services deployed in your environment, including infrastructural components. All assets are updated and pushed to a central repository, from which individual customers can pull updates using their license keys.

Data Storage & Customer Control

By default, Quickwork stores transactional data for each transaction to enable users to debug their workflows. This data is stored in an encrypted format, and customers can bring their own keys to encrypt this data while maintaining ownership of the keys. Customers also have the ability, either centrally or at a journey level, to disable storage, mask certain data points, or store only failed transactions for debugging purposes, thereby limiting or completely removing data stored on Quickwork.