Security

Security Program Highlights

Arc Technologies, Inc. encrypts data at rest and in transit for all of our customers. We use Google Cloud’s Platform encryption and secret management services to manage encryption keys for maximum security in line with industry best practices. 

Application Security
Arc regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.

Arc also uses high-quality static analysis tooling provided by Snyk and GitHub Advanced Security such as CodeQL, Secrets Scanner, and Dependabot to secure our product at every step of the development process.

Infrastructure Security
Arc uses Google Cloud Platform (GCP) to host our application. We make full use of the security products embedded within the GCP ecosystem, including Secrets Manager, intrusion detection scanning, and shielded containers.

In addition, we deploy our application using containers run on GCP managed services, meaning we typically do not manage servers in production.

Organization-wide MFA
Arc requires Multi-factor Authentication enablement for all Arc Treasury customers. Once enabled, each user will be required to complete MFA at log-in, which includes using either text or Authenticator codes as the second verification method. MFA credentials can be “remembered” on the platform for a 30 day window on trusted devices.