A Safer Identity

ºÚÁϺ£½Ç91Èë¿Ú creates a safer identity for our customers. Our customers trust us with some of their most confidential secrets and we reciprocate that trust by putting security first. We understand we’re asking you to trust us, and we want to make sure you’re comfortable with our security practices, so that you know your identity is well-protected.

Independent Assessments and Audits

ºÚÁϺ£½Ç91Èë¿Ú’s environments and products are continuously scanned for vulnerabilities. We conduct external penetration tests performed at least annually. The results of these scans and tests are integrated into our development workflow to be addressed based on criticality, and our vulnerability management policy.

ºÚÁϺ£½Ç91Èë¿Ú has completed a SOC 2 Type 2 examination for the open directory platform. You can request to view the results of this examination by emailing [email protected]. Signing a nondisclosure agreement is required to receive access to the full report.

Secure by Design Development

ºÚÁϺ£½Ç91Èë¿Ú uses static (SAST) and dynamic analysis tools (DAST) to improve the security of our development process in the build pipeline. We also evaluate source code, dependencies and combine this with analysis of both exploitability trends as well as simple versioning as a function of our SSDLC. We institute change controls across our production environments and security controls as best practice to continuously improve our capability-maturity model.

Vulnerability Disclosure

ºÚÁϺ£½Ç91Èë¿Ú maintains a Vulnerability Disclosure Program to enable security researchers to securely report vulnerabilities they may have found.

Transmission Encryption

As a cloud-based service, ºÚÁϺ£½Ç91Èë¿Ú securely transmits data over public networks using industry best practices encryption. This includes data transmitted between ºÚÁϺ£½Ç91Èë¿Ú agents and our public endpoints. Across our broad array of authentication protocols, including LDAP, RADIUS, SAML, and our agent-based binding for computers and servers, we support the latest recommended secure cipher suites to encrypt all traffic in transit, using TLS 1.2 and above.

At-rest Encryption

All databases are safeguarded with encryption to prevent data access by unauthorized parties, and all applications that contain sensitive data are additionally protected with encryption using industry best practices ciphers and key lengths for all data at rest.

Access Controls

Users are access controlled with multi-factor authentication and use strict roles-based access controls management supporting key the principles of separation of duties, least privilege and audit.

Data Protection

Please contact ºÚÁϺ£½Ç91Èë¿Ú through our Data Privacy Officer at [email protected] if you’d like us to forget/delete your data. Note that we have a process to verify the authenticity of the administrator requesting the data deletion, so we cannot delete data from requests by automated services like Deseat.me. If you are a data subject and not an administrator of the organization, please contact the administrator prior to submitting a request. Refer to the data deletion section of our GDPR page for more information.

Resiliency

ºÚÁϺ£½Ç91Èë¿Ú follows industry best practices to ensure that our environment is highly distributed and resilient. Our infrastructure is highly-available across cloud availability zones and covers multiple geographic regions. Each of our services are designed to be highly available, with a philosophy of degradation before disruption. Our production services are replicated among these different regions to protect the availability of ºÚÁϺ£½Ç91Èë¿Ú services in the event of a location-specific disaster event.

Employment

All of ºÚÁϺ£½Ç91Èë¿Ú’s employees undergo background checks and are required to undergo mandatory security awareness training security awareness training upon hire, and annually thereafter.