Security is foundational in Lyra’s architecture—built into every layer, from data handling and authentication to access control and platform deployment. The system is designed to meet the most demanding institutional standards without creating operational friction.
Defense in depth, built in
Secure by default, adaptable by design
Lyra applies multiple layers of protection across data, users, infrastructure, and operational boundaries—ensuring both compliance and trust across all market segments.
Security is not optional or modular; it’s embedded across the stack and constantly maintained to align with best practices and regulatory expectations.
The platform is SOC 2–aligned and ISO 27001–compliant by design—ensuring a standards-based approach to data security, access control, and operational oversight.
Comprehensive protections
Lyra combines modern encryption, strong authentication, and granular access controls to ensure data integrity, session protection, and regulatory traceability.
Encrypted transport
All data flows through SSL/TLS-secured channels, protecting sessions and credentials in transit.
Access and authentication
Support for 2FA, external identity providers, and robust password policies ensures strong identity management.
Encrypted data separation
Personal and transactional data are logically separated, with encryption at rest where applicable.
Granular permissions
Access is defined by role and client group, combining vertical and horizontal rules across all user types.
Operational safeguards
All critical actions (e.g., position closures, risk overrides) are traceable and can be constrained by role, scope, or escalation level.
Support access limits
Support staff can view or confirm client-sensitive data only in masked form, ensuring zero exposure of private details during troubleshooting.
Full activity logging
All user interactions are logged, with session tracking, login history, and real-time monitoring of access patterns for audit and security response.
Secure external feeds
Connections to LPs and exchanges are protected via FIX-over-TLS or secure WebSocket protocols—preserving confidentiality and order integrity.
Insider threat mitigation
Internal access policies, audit trails, and privilege segmentation guard against unauthorized staff actions or compromised operator accounts.