Security

Mountain's commitment to platform and data security

Security Overview

At Mountain, security is fundamental to our quantum computing platform. We implement comprehensive security measures to protect your data, quantum computations, and ensure the integrity of our power grid optimization services.

🔒 Enterprise-Grade Security

Our security infrastructure is built on industry-leading practices and powered by secure quantum computing partnerships.

Platform Security

Infrastructure Security

  • Cloud Security: Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance
  • Network Security: End-to-end encryption, secure VPNs, and network segmentation
  • Physical Security: Data centers with biometric access controls and 24/7 monitoring
  • Quantum Backend Security: Secure connections to NVIDIA CUDA-Q, IBM Qiskit, and Amazon Braket

Application Security

  • Authentication: Multi-factor authentication (MFA) support and strong password policies
  • Authorization: Role-based access control (RBAC) with principle of least privilege
  • Session Management: Secure session handling with automatic timeout
  • API Security: Rate limiting, request validation, and secure API endpoints

Data Security

Data Protection

  • Encryption at Rest: AES-256 encryption for all stored data
  • Encryption in Transit: TLS 1.3 for all data communications
  • Quantum Job Isolation: Complete isolation between user quantum computations
  • Data Backup: Encrypted, geographically distributed backups

Data Retention and Deletion

  • Automated Cleanup: Quantum job data automatically deleted after 30 days
  • Secure Deletion: Multi-pass deletion ensuring complete data removal
  • User Control: Users can delete their data at any time
  • Retention Policies: Clear data retention policies aligned with legal requirements

Quantum Computing Security

Quantum Job Security

  • Job Isolation: Each quantum computation runs in an isolated environment
  • Queue Security: Secure job queuing with tampering protection
  • Result Integrity: Cryptographic verification of quantum computation results
  • Backend Authentication: Secure authentication with quantum hardware providers

Algorithm Protection

  • Proprietary Algorithms: Our quantum optimization algorithms are protected trade secrets
  • Code Integrity: Digital signatures and checksums for all quantum circuits
  • IP Protection: Strong intellectual property protection measures

Compliance and Certifications

Current Compliance

  • GDPR: Full compliance with EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2 Type II: Security and availability controls certification
  • ISO 27001: Information security management system certification

Industry Standards

  • NIST Framework: Aligned with NIST Cybersecurity Framework
  • OWASP: Following OWASP secure coding practices
  • CSA: Cloud Security Alliance best practices implementation

Security Monitoring

Continuous Monitoring

  • 24/7 SOC: Security Operations Center monitoring all systems
  • Intrusion Detection: Advanced IDS/IPS systems with real-time alerting
  • Log Analysis: Comprehensive logging and analysis of all system activities
  • Vulnerability Scanning: Regular automated and manual security assessments

Incident Response

  • Response Team: Dedicated security incident response team
  • Response Time: Critical incidents addressed within 1 hour
  • Communication: Transparent communication during security incidents
  • Recovery: Tested disaster recovery and business continuity plans

User Security Responsibilities

Account Security

  • Strong Passwords: Use complex passwords with at least 12 characters
  • Enable MFA: Always enable multi-factor authentication when available
  • Regular Updates: Keep your passwords updated regularly
  • Secure Access: Only access your account from trusted devices and networks

Data Security

  • Sensitive Data: Do not upload personally identifiable information unnecessarily
  • Data Classification: Properly classify and handle your grid data according to sensitivity
  • Access Control: Do not share account credentials with unauthorized users
  • Reporting: Report suspected security incidents immediately

Security Updates and Communications

  • Security Advisories: We publish security advisories for any issues affecting users
  • Platform Updates: Regular security updates and patches applied automatically
  • User Notifications: Users notified of security-related changes affecting their accounts
  • Security Blog: Regular security blog posts and best practices

Reporting Security Issues

We take security seriously and appreciate responsible disclosure of security vulnerabilities.

Security Contact Information

  • Security Email: security@mountain-quantum.com
  • Vulnerability Reports: vulnerability@mountain-quantum.com
  • Security Incidents: incident@mountain-quantum.com
  • General Security: info@mountain-quantum.com

Response Times

Critical vulnerabilities: Within 4 hours | High severity: Within 24 hours | Medium/Low severity: Within 72 hours

Bug Bounty Program

We operate a responsible disclosure program for security researchers:

  • Scope: Platform security, data protection, and quantum computing security
  • Recognition: Public recognition for responsible researchers
  • Guidelines: Please follow responsible disclosure practices
  • Coordination: We coordinate with security researchers to address findings

Note: Please contact security@mountain-quantum.com before conducting any security testing.