Security First

Krati Kiyawat
Lead Security Engineer
February 12, 2021

Purpose Advisor Solutions is a technology company that enables Portfolio Managers and advisors to independently grow and scale their business. The below technology is built by Purpose Advisor Solutions and provided to Portfolio Management firms on our platform. We are advisor-driven and always put the client first.

Hi everyone 👋 I’m Krati Kiyawat, and I’m the Lead Security Engineer at Purpose Advisor Solutions. I am responsible for overseeing all things safety and security — and I promise it’s an exciting topic! Today I wanted to share our approach to security — since it’s the most critical aspect of a technology and financial services firm. And I want to give you a sneak peek into what we’ve been working on and what lies ahead.

Our approach and mindset
Purpose Advisor Solutions focuses on building products in an industry where security, trust, and privacy are paramount. Our goal is always to protect users of our platform — advisors and their clients. And that is why we have a Security First approach — meaning security is tightly integrated into everything we do. This means incorporating security not only as a significant pillar of our business but also into our daily practices.

We have a strong focus on designing our systems the right way, so a resilient and reliable infrastructure supports them — and so they can, in turn, perform in a high-quality manner. This approach allows us to monitor any risks continuously and then prioritize and remediate them as they occur.

Securing our product
As we grow, the complexity of our systems and security surface increases, so to ensure the secure development of our platform and products, we have adopted a microservice architecture. I know that may not mean much to you, so for those less familiar, this simply refers to loosely coupled services that can be developed, deployed, and maintained independently. You might be thinking — why is that important, and how does it make a platform more secure? This allows us to easily identify any risk or vulnerability and mitigate it quickly, without impacting other areas.

To incorporate a Security First model in our product design, we follow secure coding practices during the entire software development lifecycle. In simple terms, this allows us to build and maintain our applications safely and securely. We also use the AAA model to further add to our secure design — Authentication, Authorization, and Access Control. Within our architecture, we implement the Zero Trust Model through proper checks and permissions between our microservices — we require all software components (APIs) to be authenticated, authorized, and continuously validated to communicate.

Securing our data
Security of client data is of utmost importance. And we can’t emphasize this enough. Our data needs to be protected at all times — whether it’s at rest or in transit. Data at rest is data that is stored in a database, and it is protected by encrypting it with robust encryption methods. Data in transit is shared between our product and our partners and is protected by secure networking protocols like HTTPS, SFTP, and VPN.

Data for each client is also stored in an isolated environment at a firm level, and each environment has its own security and access controls. We work with our cloud and third-party partners to ensure our policies are strictly enforced across all firms.

Securing our assets
And by assets here, we don’t mean client assets because those are protected in other ways — we actually mean the assets that we use to run our business. This could be something like a laptop or even an employee — basically anything valuable within our organization. We must approach security within our organization with the same priority that we approach protecting client information. Foundational security features such as firewalls, intrusion prevention systems, and endpoint protection software help us monitor all ongoing events in the Purpose Advisor Solutions (PAS) environment. And, of course, we rely on a strong password policy and multi-factor authentication (coming soon to clients!).

We also continuously monitor our environment by using alerts and logs. This allows us to stay on top of, and ahead of, what’s going on.

Moving forward…

We shared our approach to securing our data, our product, and our assets at Purpose Advisor Solutions. But we’d be naive to think our current approach will always be the right one. The world of information security is continuously evolving — and new vulnerabilities and exploits may pose a threat to our environment. So our goal as a security team is to stay ahead of the curve and continue enhancing our security posture to keep you and your clients safe.

We are excited to share more security updates — such as multi-factor authentication — in the coming weeks! So stay tuned.