Identity Armour

Trust

Security and compliance posture.

Identity Armour is engineered for secure defaults, least-privilege administration, and evidence that holds up under scrutiny—from operators answering day-two questions to auditors reviewing controls.

Identity & access controls

  • Tenant-aware administrative roles with least-privilege defaults.
  • Clear separation between platform operators and tenant administrators so changes are deliberate and traceable.
  • Support for strong credentials, MFA at the console, and session policies aligned to your standards.

Data protection

  • Encryption in transit (TLS) for management and data paths; encryption at rest where supported by your deployment backing store.
  • Sanitized logging designed to avoid capturing sensitive payloads in plain text.
  • Configurable telemetry retention so evidence you need for investigations does not outlive the policies you set.

Continuous evaluation

  • The Verdikta Confidence Engine evaluates risk in the context of each access request, not only at initial sign-in.
  • Device posture, geo-risk, and behavioral analytics feed a single score with explainable factors for operators.
  • Policy outcomes—allow, challenge, or deny—are recorded with correlation identifiers suitable for downstream tooling.

Audit & compliance

  • Structured audit events for identity changes, risk decisions, and enforcement actions—ready for SIEM, GRC, or ticketing workflows.
  • Dashboards and exports that help teams demonstrate how policies were applied in production, not just how they were written.
  • Designed to support common control themes in frameworks such as SOC 2 and ISO 27001; enterprise customers receive documentation mapped to their deployment model.

Vulnerability management & resilience

  • We maintain a vulnerability management process for components we ship, prioritize fixes by severity, and communicate material issues to affected customers.
  • Service architecture targets high availability for cloud-hosted deployments; exact targets and credits, if any, are defined in your agreement.
  • Customers with coordinated disclosure programs may request our security contact through hello@identityarmour.com.

Shared responsibility

Identity Armour is one component of your security and compliance program. You remain responsible for how you host or connect infrastructure, configure identity providers, classify data, and operate surrounding detective and corrective controls. We focus on delivering trustworthy identity governance and runtime risk evaluation with evidence you can operationalize.