Alcatraz AI Security | Certified, Encrypted & Adaptive Protection

We don’t just talk about security — we prove it. Alcatraz holds certifications for ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018, covering information security management, cloud service security, and protection of personal data in the cloud. These internationally recognized standards require us to continuously identify risks, safeguard sensitive assets, and improve our controls.

On top of certification, we undergo regular third-party penetration tests and independent audits to make sure our protections hold up in the real world. Every Rock and every line of cloud infrastructure is designed to meet or exceed these benchmarks, giving customers confidence that their security isn’t just promised — it’s verified.

Not every door and not every person carries the same level of risk. That’s why Rock supports adaptive authentication, a flexible security model that lets organizations dial security up or down based on context.

Granular Access Policies: Solution Owners can decide which users authenticate with a simple facial match, and which require a second factor like a badge or PIN. High-trust employees may pass seamlessly with face-only, while sensitive areas like server rooms or labs can enforce step-up authentication automatically.

Smarter Security, Less Friction: This approach balances usability and risk. Employees aren’t bogged down with unnecessary extra steps where they aren’t needed, but critical zones remain locked down with layered security.

AI-Driven Flexibility: The Rock continuously learns from usage patterns and environmental conditions, enabling organizations to evolve access rules as their needs change. This adaptability ensures strong protection without sacrificing the frictionless experience that facial authentication is meant to deliver.

Built-In Future-Proofing: As regulatory requirements or organizational policies change, administrators can update authentication flows without hardware replacement — ensuring the Rock grows with your security strategy.

The result is a system that delivers personalized access control: the right authentication strength for the right context, every time.With Alcatraz, consent isn’t just assumed — it’s enforced by design. Enrollment into the Rock system is always opt-in, meaning no one can be scanned or matched without explicit approval.

No Silent Enrollment: The Rock cannot capture or create a Facial Signature until the Solution Owner confirms that the individual has consented. This safeguard ensures there is no “background scanning” or automatic enrollment of bystanders.

Solution Owner Confirmation: Consent is tracked and confirmed through the Solution Owner’s own systems — such as onboarding workflows, visitor registration, or digital consent forms. The Rock does not proceed without this explicit “green light.”

Technical Enforcement: The Rock and the ACS are designed so that enrollment cannot begin until consent is registered. This means the device itself enforces the rule, not just policy.Opt-Out Anytime: If a person withdraws consent, their Facial Signature is deleted. From that moment, the Rock will no longer recognize them, and they must use an alternative access method like a badge or PIN.

Global Compliance: This opt-in approach aligns with data protection laws such as BIPA, GDPR, and CCPA/CPRA, which require informed and explicit consent for biometric processing.

By making consent both a policy requirement and a technical safeguard, the Rock guarantees that facial authentication is something you choose — never something that just happens to you.

Security

Certified Security

AWS-Backed Cloud Resilience

Encrypt Everything

Adaptive Authentication

On-Device Tailgating Detection

Enterprise-Grade Controls

Lifecycle Automation

Tamper-Resistant Hardware & Secure Updates

Continuous Security Evolution

Ready to Rock?