Introduction

Security is at the heart of everything we do and build at Yieldstreet. Our security leadership brings over 20 years of experience in Fintech, digital financial platforms and regulated industries. We care deeply about your security, and go the extra mile to protect the data and privacy of our users and the safety of their portfolios and transactions.

Of course, in an era where website hacks, data compromises, and commerce on the dark web are a matter of daily news, and a security breach in one place can render your accounts at other unrelated places vulnerable and open to compromise, we also do our best to educate our users on best practices to follow to protect their data, both at Yieldstreet and other digital platforms.

Read on to learn more about how we approach platform security at Yieldstreet.

The Yieldstreet Secure Platform

The Yieldstreet platform is architected from the ground up with a central focus on security. We follow top industry standards and guidelines for all aspects of the platform, spanning secure coding, data encryption and privacy management, segmented and containerized cloud infrastructure, advanced perimeter security and fine-grained access control. In addition, we integrate with a set of vendors for specific security purposes like Two-Factor Authentication, account level security, continuous monitoring and many others, providing bank-grade security for the protection of our users and their data.

Account and portfolio security

Application security at Yieldstreet starts from secure coding practices, enforced via both process and automated controls. We follow OWASP guidelines for secure application development, for both frontend and backend systems. Our continuous delivery pipeline ensures all code commits are auto-scanned for insecure code. The platform also deploys a set of security features to ensure the account-level security of our end users:

  • Two-Factor Authentication (2FA) is a mandatory requirement for all users.
  • Account level security controls incorporate heuristic and AI-based controls for detection and prevention of account takeovers, including (but not limited to) auto-lockouts on repeated login failures, access pattern violation detections and suspicious logins.
  • Transaction level security is implemented at multiple levels via risk scoring algorithms that combine heuristic rules with pattern recognition algorithms to detect and escalate potential fraud.

Data security and privacy

Data is the most valuable and sensitive commodity for any enterprise, and at Yieldstreet we are resolutely committed to the privacy, security and loss protection of this commodity, both Yieldstreet’s enterprise data and our users’ private data. As stewards of the data provided to us by our users, we employ a variety of systems and controls to help ensure the privacy and security of this data:

  • All data in transit is encrypted end to end with a minimum of 128-bit encryption. This is deployed on data in transit even within our internal private subnets.
  • All data at rest is encrypted via FIPS 140-2 compliant encryption technology.
  • Account passwords are cryptographically one-way hashed over multiple iterations with a 16-byte random salt.
  • All data stores are cross-region replicated across Amazon’s AWS infrastructure to provide high availability and redundancy, and protect against data loss.
  • Access to internal systems handling user information is strictly restricted and managed through a centralized, fine-grained entitlement system, following the Principle of Least Privilege, managed centrally by Yieldstreet’s Security Office.

More information on Yieldstreet’s privacy policies can be found here.

Infrastructure security

Yieldstreet’s systems are hosted in Amazon’s AWS cloud infrastructure, across multiple regions and availability zones to provide redundancy. AWS is an industry-leading SOC 2, ISO 27001, and FedRAMP certified secure cloud infrastructure provider, providing a wide range of functionality and features for securing and monitoring an enterprise’s cloud infrastructure. We leverage all of these technologies provided by AWS for securing our infrastructure, and have developed a sophisticated containerized physical architecture with security as a core driving concern.

Some highlights of this architecture:

  • We are protected at our perimeter by Cloudflare’s Web Application Firewalls (WAF), DDoS protection and Bot detection systems.
  • All transport is secured end to end with TLS (128-bit minimum) across all tiers of the stack. Yieldstreet’s website uses an Extended Validation SSL certificate for its public web properties.
  • Network segmentation provides defense in depth for the systems and data tiers, providing separation between services and data stores.
  • FIPS 140-2 compliant encryption is used to protect all data at rest.
  • Intrusion detection and endpoint protection systems run 24/7 in our infrastructure, alerting us to any potential security incidents.
  • In addition, our infrastructure is continuously monitored for its security posture against CIS Benchmarks.

To ensure we keep the platform secure at all times, we perform annual third-party audits of our applications, networks and infrastructure. In addition, our vendor management policy requires all vendors that handle secure user data to provide reports of their annual security audits.