Referred customers receive a 10% discount on all core offerings and solutions - up to $5,000. Contact us now!
Book a Demo

Platform Security

Infrastructure & Network Security

Classification: External / Client-FacingContact: security@toku.com

Hosting Environment

Toku production infrastructure runs in United States cloud data center regions with independent SOC 2 certification coverage.

Each customer's data is logically isolated at the database level. This provides per-client data isolation, defined security boundaries, simplified audit trails, and separate access controls per customer.

Network Architecture

Production, staging, and development environments are segmented through network isolation. Direct database access from external networks is blocked.

All internal infrastructure access routes through zero-trust network access. Only authenticated, authorized devices can reach production resources, and VPN traffic is encrypted end-to-end.

Web Application Firewall & DDoS Protection

A web application firewall is deployed on all application-layer traffic entering Toku's infrastructure. The WAF provides:

  • DDoS mitigation at the network and application layers
  • Bot detection and automated blocking
  • Rate limiting on all endpoints
  • Request filtering for known attack patterns (SQLi, XSS, CSRF)
  • HSTS enforcement on all public endpoints

All traffic to Toku's platform routes through the WAF before reaching application servers.

Network Segmentation

Toku enforces strict segmentation between environments:

  • Production is isolated from staging and development.
  • Staging mirrors production security controls but uses masked/scrubbed data.
  • Development environments have production-equivalent security configurations but no connectivity to production databases.
  • PII is scrubbed before any data is used in non-production environments.

Infrastructure Monitoring

Toku uses multiple monitoring layers to detect anomalies, performance issues, and security events:

  • Infrastructure monitoring for performance tracking and alerting.
  • Real-time application error tracking and exception monitoring.
  • PII-excluded analytics and anomaly detection.
  • Database logging with enhanced audit trails for all data access and modifications.
  • Automated alerting on integration API failures or anomalous behavior.
  • Continuous compliance monitoring to verify that infrastructure security controls operate effectively.

All monitoring systems feed into centralized alerting with an on-call escalation policy ensuring continuous coverage.

Database Security

All databases use AES-256 encryption at rest, managed through the cloud provider's key management service. Direct database access from external networks is blocked at the network level. All database queries involving sensitive data are logged.

Each client's data is logically isolated at the database level. One client's queries cannot reach another client's records.

Key Infrastructure Controls Summary

ControlImplementation
Cloud ProviderUS cloud regions with SOC 2 certification coverage
WAF / DDoSWeb application firewall on all ingress traffic
VPNZero-trust VPN access
Network SegmentationFull isolation between prod, staging, dev
Database IsolationLogical tenant isolation per client
MonitoringInfrastructure monitoring, application error monitoring, database audit logs
External DB AccessBlocked at network level