K2 Cloud platform improvement

Secure development

The security policy adopted for K2 Cloud aims to provide an up-to-date and secure cloud service. The Security Development Lifecycle (SDLC) focuses on cloud development. We have implemented key stages of this process and constantly monitor adherence to it.

Specialists involved in K2 Cloud improvement regularly receive awareness-raising training, including hands-on training, external training, familiarization with internal secure development procedures, notifications of possible software and app vulnerabilities and measures to minimize them, and meetings with experts to be informed about new security threats and methods to counter them.

We adhere to architectural planning principles. This means that we discuss possible threats and attacks on the service with information security specialists before changes are made to the service's current architecture. The measures developed to minimize risks are included in the implementation requirements.

We conduct static and dynamic application security testing, check the code quality and ensure that tests cover it.

Before introducing changes, we always conduct a final security analysis to check that the security requirements have been implemented completely and sufficiently. Development and test environments are isolated from production, and production data is not replicated in other environments.

Update and change management

K2 Cloud is constantly improving in terms of stability and quality through scheduled updates. Users get notified of upcoming changes at least 24 hours in advance and learn about them from our emails and information resources, including the Telegram channel (in Russian).

In addition, K2 Cloud uses an update management policy to govern update installation procedures for various software types. K2 Cloud information security specialists ensure that vendors’ security patches for critical vulnerabilities are installed as soon as possible.