Infrastructure Security
Overview
Monte Carlo follows AWS Well-Architected and CIS Benchmark guidelines to ensure a secure foundation for enterprise-grade data + AI observability. Customer environments are logically isolated, and all data, both in transit and at rest, is encrypted.
Core Infrastructure Components
Compute and Serverless Design
Monte Carlo uses AWS Lambda to process and orchestrate data securely. Each Lambda function executes in an isolated, short-lived container with strictly scoped IAM permissions. Because these compute environments are temporary and immutable, there are no persistent servers to patch or compromise, significantly reducing operational exposure.
Networking and Traffic Protection
All communication passes through AWS API Gateway, which enforces encryption, rate limits, and request throttling to prevent abuse.
Private VPC endpoints protect internal communication, while network segmentation separates production, staging, and development environments. Combined with AWS WAF protections, this architecture prevents unauthorized access and mitigates denial-of-service risks.
Identity and Access Management
Access to Monte Carlo’s infrastructure is tightly controlled using AWS IAM. Permissions are granted according to the principle of least privilege, with multi-factor authentication, short-lived credentials, and federated SSO protecting administrative accounts.
All privileged activity is logged, ensuring full auditability.
Infrastructure Hardening and Patch Management
Monte Carlo continuously identifies and remediates infrastructure vulnerabilities through automated scanning, configuration validation, and Infrastructure-as-Code reviews.
Critical issues are prioritized, and all issues are tracked to remediation and verified post-fix. Independent penetration tests and third-party assessments confirm the platform’s security posture and alignment with modern cloud security standards.
Monitoring and Infrastructure Defense
Security telemetry from across the platform is collected and correlated using internal tooling.
Centralized logging and SIEM integration provide a unified view of system activity, while immutable logs support audit and forensic analysis.
Monte Carlo’s 24/7 on-call security and engineering teams respond to alerts and incidents following established containment and recovery procedures.
Compliance
Monte Carlo’s infrastructure controls adhere to frameworks and regulations such as SOC 2 Type II, ISO 27001, GDPR, and CCPA.
We operate under the AWS Shared Responsibility Model, in which AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud, and Monte Carlo is responsible for all of the necessary security configuration and management tasks made available to us.
Visit our Trust Center for more information on compliance attestations or to view the Monte Carlo Shared Responsibility Matrix.
