Introducing the Arize Trust Center and Security Periodic Table
Since joining Arize as Chief Information Security Officer earlier this year, it has been inspiring to see the tangible benefits that Arize’s ML observability platform brings every day to both free and enterprise users. Despite only being in the early stages of this industry, Arize is already trusted by its customers to process hundreds of billions of model predictions per month.
That trust is not something that we take lightly, especially given the importance of AI to companies and society at large. As such, we are always optimizing our strategies and systems to ensure robust security, compliance, and privacy. To that end, Arize recently achieved SOC 2 Type II certification – the first of several major industry certifications (i.e. HIPAA) that we are committed to pursuing over the next year.
To detail these efforts, we are proud to debut the Arize Trust Center: an interactive resource designed to help both current and potential customers and partners understand our governance, policies, and security.
Security at Arize rests on three pillars:
- Auditability ensures that Arize always knows what happens on company systems and can fill in the key details – including who, what, where, when, why, and how – in the event an incident occurs to facilitate both internal and third party investigations.
- Prevention is about leveraging a thorough knowledge of company systems to consistently identify weak points to add protections and controls. Today, external attacks are prevented leveraging technologies like firewalls, intrusion detection, and intrusion prevention systems; internal risks are mitigated through a least-privileges policy, security quality gates and other safeguards.
- Preparedness is also critical in a world where perfect security is elusive and improvisation in a crisis can prove costly. Arize regularly simulates a variety of scenarios, fine-tuning written plans and processes for incident response.
By using these pillars as a foundation, Arize takes its cue not just from technology leaders but also sectors with long histories of effective risk management. In the airline industry, for example, on-board instruments and black boxes capture pilot actions (auditability), redundant safety systems prevent cascading instrument failures or crashes (prevention), and pilots are required to spend consistent time in the simulator to prepare for a wide array of scenarios (preparedness).
These pillars also form the basis of our security periodic table, an interactive version of which is now available in the trust center. For each “element” of security, click a level deeper to see what we are doing and why along with compliance objectives. Where available, we also list how different certifications and standards overlap to aid in ensuring compliance across a variety of industries.
As always, please feel free to reach out if you have any questions in the Arize community.