Talk to us

Our Security Approach

Security should be the operating system, not a bolt-on product.

AleraPoint is built on a Zero Trust security model. We do not rely on legacy perimeter firewalls, flat internal networks, or implicit trust based on network location.

Instead, every access request is evaluated continuously using identity, device posture, and context.

What Zero Trust Means to Us

Zero Trust is not a product or a checkbox. It is an operating philosophy:

  • No user is trusted by default
  • No device is trusted by default
  • No network location is inherently safe
  • Every request must be authenticated and authorized

How AleraPoint Applies Zero Trust

  • Identity-first access: verified identity, not IP address
  • Device-aware security: posture-based access requirements
  • Least privilege by default: access granted only as needed
  • No exposed infrastructure: no open inbound ports or VPN concentrators
  • Continuous verification: evaluated on every request

What We Deliberately Avoid

  • Legacy perimeter firewalls as trust boundaries
  • Flat internal networks
  • Implicit VPN trust
  • "Set it and forget it" security controls

Governance Alignment

AleraPoint's security approach is defined and enforced through internal governance documentation aligned to the CIS Critical Security Controls v8.

Public statements on this site are intentionally consistent with internal policy, control ownership, and incident response frameworks.

Responsible Disclosure

If you believe you've found a security issue, email security@alerapoint.com. Please include steps to reproduce and any relevant logs or screenshots.