The Modern ETRM/CTRM Platform That Prioritizes Security

Security is the most important aspect of Molecule’s trading risk management software — in both our application and as part of our daily operations.

We designed and built our product with security at its core, and we operate our company to meet or exceed the highest security standards in the industry. Our priority is to ensure Molecule is one of the most reliable and secure ETRM/CTRM systems ever built.

Application Security


Molecule maintains Software Development Life Cycle (SDLC) policies that govern the design and implementation of any application and infrastructure changes.


Our patch management policy ensures that operating systems, software, frameworks, and libraries used in Molecule’s infrastructure are regularly updated to the latest versions.

Secrets Management

Application secrets are managed through specialized secrets management software. Access is restricted internally.

Best-In-Class Tooling

Molecule is built on industry-standard technologies including Ruby on Rails, Python, and PostgreSQL.

Security Measures

Infrastructure Security

Physical AWS security

Molecule uses Amazon Web Services (AWS) as its primary cloud hosting provider. More information can be found on the AWS Compliance center here.

Network Security

Molecule has defined strict network security rules. Only the portions of the application we specify are available outside Molecule’s internal network.

Communication within the data center is secured by Amazon’s anti-packet sniffing and anti-promiscuous mode technology.

Staging Environment

Molecule has multiple staging environments that are isolated from our production environment. Any change made to the infrastructure/application is first deployed and tested in staging environment(s) before rolling it out to production.

Production Access

To access our production environment, engineers are required to use AWS client VPN which establishes a secure connection between the AWS network and endpoint device. More information can be found here.

Access to the AWS Console is restricted to necessary personnel. SAML and 2-factor authentication are required to log into the console.

Security Measures

Data Security

Multi-tenant Architecture

Molecule’s E/CTRM is built as a pure multi-tenant SaaS application. At the data layer, all customer accounts are logically isolated with data access limited to the account’s users.

Testing on Every Release

Automated testing ensures that account security is maintained as features are added and changed. Molecule employs a modern array of testing techniques.

The app also runs a robust set of checks on itself daily.


Data is periodically backed up in near real-time. Nightly cold backups are also taken, of all databases. Backups are tested weekly, and offsite backups are also updated at short intervals.

Encryption at Rest

All customer data is stored within AWS and encrypted at rest, providing an added layer of security. Protecting data at rest reduces the risk of unauthorized access, with encryption and access controls.

Find Out More Here

Encryption in Transit

All customer data is encrypted in transit using the Transport Layer Security (TLS) protocol. Insecure protocols, such as HTTP, are either redirected to HTTPS or blocked using AWS security groups.

Find Out More Here

Security Measures


99.9% Uptime

Ever since its inception, Molecule has consistently met or exceeded a 99.9% uptime, while ensuring access to projects and tasks for customers without any interruptions. 99.98%+ uptime annually is routine.

BCP + DR Process

Molecule runs a BCP (Business Continuity Process) drill and DR (Disaster Recovery) simulation regularly. An internal audit is conducted to ensure both BCP and DR are seamless in case of any unforeseen circumstances.

Multi-AZ Deployments

Our application is deployed across multiple availability zones (AZ) in AWS. This ensures that our application can still recover even in case of unforeseen incidents affecting an entire AZ.


Molecule has monitors in place to alert our team immediately in case of service degradations to any of Molecule’s features. When a component underperforms, our engineers receive an alert within seconds. A dedicated ops team keeps a tab on these alarms.

No Downtime Deployments

New software rollouts at Molecule follow a ‘rolling deployment’ strategy, ensuring customers receive new changes without disruption.

Security Measures

Endpoint Security

All Laptops Are Encrypted + Managed by MDM

A Mobile Device Management (MDM) solution automatically installs all security components and allows Molecule to remotely wipe devices if they are compromised.

Employees who have access to our production infrastructure and data are mandated to have anti-malware software installed in their systems, which is reviewed monthly to address any shortcomings.

Penetration Testing

Automated penetration testing and vulnerability scans are run weekly, and white hat penetration testing is conducted at least annually by a third party. Based on their recommendations, updates and fixes are incorporated. Molecule has consistently received the highest possible score on our penetration tests.

Security Measures


Independently Audited for AICPA SOC

Molecule meets the standards of AICPA SOC 1 Type II and SOC 2 Type II, and is audited annually to ensure compliance at the highest possible level. Our policies and system controls are audited for both effectiveness and design.


Molecule is GDPR compliant and data residency in the EU or North America is available. All security processes are identical in each cluster. We also provide a standard data processing agreement (DPA) in accordance with GDPR requirements.

Security Measures
Get a Demo