Security
It is recommended to follow industry container security best practices, such as those defined by CIS or NSA.
Key security points
Run containers in non-root mode
Containers should be configured to run as a non-root user to limit the blast radius of any potential compromise.
Apply network policies
Apply network policies that ensure only the required connections are allowed, as defined in the Network Connectivity Matrix.
Keep software up to date
Regularly update the Container Runtime Interface (CRI) and Container Orchestration software to receive the latest security patches.
Data encryption
Audio transferred to the container is not encrypted by default. The customer is responsible for implementing networking that ensures audio sent to the container for verification is transmitted over a secure internal network.
Audio data never leaves the customer's private deployment. Only billing metadata (API token and verified audio duration in seconds) is sent to the Hiya Platform. See Data Transferred for Billing and Licensing for details.
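One way to express the non-root and network policy points above, together with the traffic described under Data encryption, is the following manifest. It is an added example that assumes Kubernetes as the orchestrator and is not configuration supplied by Hiya. Every name, label, UID, port and CIDR in it is a placeholder or assumption, to be replaced with the values from the Network Connectivity Matrix.

```yaml
# Added example: names, labels, UID, ports and CIDRs are placeholders, not vendor values.
apiVersion: v1
kind: Pod
metadata:
  name: voice-verification            # hypothetical name
  namespace: verification             # hypothetical namespace
  labels:
    app: voice-verification
spec:
  securityContext:
    runAsNonRoot: true                # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001                  # assumed unprivileged UID; the image must be able to run as it
    runAsGroup: 10001
  containers:
    - name: verifier
      image: registry.example.internal/verifier:PLACEHOLDER   # placeholder image reference
      securityContext:
        allowPrivilegeEscalation: false   # blocks setuid-style escalation back to root
        capabilities:
          drop: ["ALL"]
      ports:
        - containerPort: 8080         # placeholder; take the real port from the connectivity matrix
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: voice-verification-allowlist
  namespace: verification
spec:
  podSelector:
    matchLabels:
      app: voice-verification
  policyTypes: ["Ingress", "Egress"]  # once selected, anything not listed below is denied
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: audio-clients   # hypothetical internal caller namespace
      ports:
        - protocol: TCP
          port: 8080                  # audio is unencrypted by default, so keep callers internal
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24      # placeholder (documentation range) for the billing endpoint
      ports:
        - protocol: TCP
          port: 443                   # assumption: billing metadata is sent over HTTPS
```

If the billing endpoint is resolved by hostname, the egress list also needs a rule allowing DNS to the cluster resolver. The policy only takes effect when the cluster's network plugin enforces NetworkPolicy objects.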