In all areas of our SDLC from the infrastructure to the application, we apply best practices like minimum privileges, separation of roles, and effective monitoring. The Coherence Control Plane itself is hosted on Google Cloud Platform. We have achieved SOC 2 Type I compliance and are currently in our 6-month audit window for Type II compliance (with Vanta), including:
- A Risk Assessment
- Employee eduction and training
- Information Security Auditing (SOC2 Type I and II, HIPAA)
Coherence operates a program for responsible disclosure. We also intend to begin annual 3rd party penetration testing within the year in 2023.
Coherence has access to 2 important services, your source provider (github, gitlab, bitbucket) and your cloud provider (GCP, AWS, Azure, etc...)
Source Provider Access
On github, we use a github app installed on coherence-enabled repos in order to receive webhooks for push events and create check runs to communicate CI status. We can also support a Personal Access Token (PAT) if you prefer - just shoot us a note to email@example.com. Users OAuth to our github app and receive repo-scoped tokens that Coherence stores and uses to authenticate users automatically for our Workspaces, as well as when submitting builds or creating branches from our UI.
Your source code is accessed by our automated systems in the process of building and deploying your application. Any copies of such source code are only stored while they are being processed (they are deleted at the end of the jobs), and Coherence employees do not have direct access to such copies. Additionally, all job processing is done on ephemeral instances which are routinely replaced and do not have long-lived storage, further reducing the risk of accidental access to your source code. Excepting emergency procedures for bugs or other incidents, Your source code will not be seen by Coherence employees, or stored on Coherence systems (e.g. employee workstations)
Cloud Provider Service Account
You are always in control of what role this account has and can audit or remove access at any time via your cloud provider's IAM tools. This service account is used to manage resources in your cloud account on your behalf, and generates further service accounts for more granular use as/where appropriate. Wherever possible, Coherence uses best practices like Workload Identity to minimize key handling as well as systems such as Cloud KMS to encrypt what keys we do store when at rest.
Excepting emergency procedures for bugs or other incidents, Coherence employees do not have access to manually use the service account you grant acceess to. We encourage you to use the auditing tools available in your cloud platform to monitor all of your important systems for unexpected access to production data or configuration.
On GCP, you grant a coherence-managed service account (that we generate uniquely for each application) an "Owner" (or otherwise a custom role which still requires enough permission to manage your account) in your cloud IAM controls.
On AWS, we create an IAM user in an account that we control. This same IAM user is than granted permission, by you, to manage resources on your behalf.
It's important to note that you can grant access to new "test" accounts in either system when first testing Coherence - you don't need to connect to your current cloud projects and data until you want to use existing databases in those projects.
We know that Coherence, when used fully, takes on a critical role in your software team. Choosing a vendor that will become a daily part of your engineering workflow is not a decision to be taken lightly. As part of our own diligence into vendors, we think about things the same way.
We break the risk of choosing Coherence as a vendor into 3 parts, and address each part below:
- Company solvency: will we still be around in X years?
- Impact radius: if we went away overnight, would your company stop running?
- Security and privacy risk: is choosing Coherence going to get your company hacked?
Coherence is founded by an experienced team of tech leaders. We are funded by tier-A venture capital firms and a group of accomplished angel investors. We have substantial runway remaining, and strong prospects for continued growth and financing. Each customer we add makes our company stronger, so by using Coherence you're de-risking this part of the choice.
We have designed our system from the ground-up to remove as much of the risk to your uptime from Coherence's actions as possible. In fact, it's one of the strongest reasons to choose Coherence over an alternative solution such as a Platform-as-a-Service. If we were to vanish overnight with no warning, nothing would happen to your already deployed environments or resources, and your customers would not notice that anything had changed. Ultimately, Coherence sits between your developers and your cloud, not your cloud and your users.
- Environments without a custom domain, which use a
SOMETHING.coherencesites.comURL, will have a dependency on the DNS systems and domain registration for
coherencesites.comremaining available. You can apply a custom domain to each environment on a per-environment basis in Coherence, and it's unlikely that a customer-facing environment would use such a domain.
That said, we want to highlight both the gap that our disappearance would create as well as the steps we would plan to take if we did choose to wind down. To state it clearly, we do not intend to disappear with no warning, but rather to work as your partner in the unlikely event that this becomes necessary.
- You would become responsible for replacing the scripts and configuration files that Coherence generates for you, including the Infrastructure-as-Code, CI/CD pipelines, and workload deployments (e.g. ECS on AWS or Cloud Run/GKE on GCP). You'd also need to train your team on how to use the scripts and files, for example to create an environment or deploy a commit, since it is unlikely you'd build a UI as easy to use as our dashboard.
- Coherence is committed to making this transition easy, providing artifacts such as the last version of scripts used as well as the
terraformor other similar state and configuration files. Many of these files are already present in your cloud resources and can be viewed or downloaded without any involvement from Coherence. If a situation arises where Coherence is winding down, we will reach out with more information on where to find these resources and spend time transitioning you to an alternative workflow with advance notice!
Security and Privacy Risk
As outlined in the rest of this document, Coherence takes every commercially reasonable measure to architect our systems for low risk to your data and customers. You always remain in control of our access to your cloud systems, and can audit our activity continuously using systems we do not control. Additionally, you can revoke our access at any time.
Please report any bugs, vulnerabilities, publicly available/hosted confidential information, or other relevant information to firstname.lastname@example.org. We'd appreciate it if you granted us private notice at that address before any public disclosure.
You agree to two different terms and conditions during your use of Coherence.
- The Trial Use Agreement governs our use of the application at
app.withcoherence.comand the information we collect in the course of providing the services to you and your team. You accept these terms when you register your team on our platform. If you have any questions or concerns about the agreement, please reach out to email@example.com and we'll be happy to discuss them.