Last updated: October 2021
In addition to building the world’s most advanced SaaS Security Posture Management offering, we are dedicated to protecting our own solution in accordance with industry standards and best practices. Our customers demand the highest levels of data security, and we are committed to ensuring that our solution meets their standards. We have surpassed the expectations of some of the most sophisticated, security-minded organizations in the world. Below is Adaptive Shield’s security overview:
Data Collected and Retained through Adaptive Shield’s platform
Adaptive Shield’s platform collects metadata from the SaaS applications it monitors: security settings and configurations, user permissions, profiles, audit logs and similar. It does not collect user or enterprise content, such as the contents of email mailboxes or business data stored in those SaaS applications.
Adaptive Shield is ISO 27001 compliant as well as GDPR compliant. Adaptive Shield maintains a Written Information Security Policy (WISP) and follows common best practices such as environment separation (development, staging, production) and patch management.
Adaptive Shield uses its own permissions layer to enforce tenant isolation, so that a customer’s data can only be accessed by that customer’s users.
Adaptive Shield performs code review and runs static code analysis (SAST) on its proprietary code and on third-party packages and libraries as part of its CI/CD pipeline. This is complemented by dynamic application security testing (DAST): a web vulnerability scanner is run against the live application, both unauthenticated and authenticated.
Adaptive Shield’s infrastructure is protected using multiple controls, including:
- Servers and databases are kept within private subnets with no direct exposure to the internet.
- A Web Application Firewall (WAF) is in place.
- Output encoding is performed to prevent cross-site scripting (XSS).
- Input validation is conducted on all APIs exposed to the customer side.
- Penetration tests and an IT risk assessment are conducted annually by a third party.
The infrastructure and its protections are reviewed and monitored regularly to verify their integrity.
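The two application-layer controls listed above, output encoding against XSS and input validation on customer-facing APIs, are shown below in a small Node.js example. This is an added illustration and not Adaptive Shield’s code: the `integrationId` parameter, its allowed format, the `limit` bounds and the sample payload are all constructed for the example.

```javascript
// Added example (not Adaptive Shield's code): HTML output encoding beside an
// allowlist-style validator for a hypothetical customer-facing API parameter.
// All names, formats and sample inputs are constructed for illustration.
'use strict';

// Every character that can change the HTML parsing context maps to an entity.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Output encoding is applied at the moment a value is written into HTML text
// or attribute context, not at storage time, so the stored value stays intact.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: an attacker-controlled display name is concatenated raw.
function renderProfileUnsafe(displayName) {
  return `<p class="name">${displayName}</p>`;
}

// Hardened rendering: same template, untrusted value encoded on output.
function renderProfileSafe(displayName) {
  return `<p class="name">${escapeHtml(displayName)}</p>`;
}

// Input validation on an API query: accept only the parameters and shapes the
// endpoint needs (an allowlist) and reject everything else with a reason.
// Assumption for the example: integrationId is an opaque id of 8-32 chars.
const INTEGRATION_ID_RE = /^[A-Za-z0-9_-]{8,32}$/;
const ALLOWED_PARAMS = new Set(['integrationId', 'limit']);

function validateIntegrationQuery(query) {
  if (typeof query !== 'object' || query === null) {
    return { ok: false, errors: ['query must be an object'] };
  }
  const errors = [];
  for (const key of Object.keys(query)) {
    if (!ALLOWED_PARAMS.has(key)) errors.push(`unexpected parameter: ${key}`);
  }
  if (typeof query.integrationId !== 'string' || !INTEGRATION_ID_RE.test(query.integrationId)) {
    errors.push('integrationId must match ' + INTEGRATION_ID_RE.source);
  }
  if (query.limit !== undefined &&
      (!Number.isInteger(query.limit) || query.limit < 1 || query.limit > 500)) {
    errors.push('limit must be an integer in [1, 500]');
  }
  if (errors.length) return { ok: false, errors };
  return {
    ok: true,
    value: { integrationId: query.integrationId, limit: query.limit === undefined ? 100 : query.limit },
  };
}

// Constructed sample: a display name carrying a script payload.
const PAYLOAD = '<script>alert(1)</script>';

console.log(renderProfileUnsafe(PAYLOAD)); // script tag reaches the browser
console.log(renderProfileSafe(PAYLOAD));   // rendered as inert text
console.log(validateIntegrationQuery({ integrationId: 'acme_slack_01', limit: 50 }));
console.log(validateIntegrationQuery({ integrationId: "1' OR 1=1--", foo: 1 }));
```

The validator rejects unknown parameters rather than ignoring them, so a client cannot smuggle extra fields past the check; the encoder escapes the forward slash as well, which keeps `</script>` from closing a script context even when the value lands inside one.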
Although Adaptive Shield collects only metadata, securing that metadata is a top priority. Traffic is encrypted in transit using TLS 1.2 at minimum with modern cipher suites, and data at rest is encrypted using AES-256 or an equivalent cipher. Field-level encryption is applied where needed, using an HSM-backed KMS. Keys are rotated regularly and alerts are in place for access events. Credentials are salted and hashed using modern hash functions, according to industry best practices.
The Adaptive Shield platform supports the following access controls:
- SSO support (with Big Bang SSO).
- Native MFA support.
- Self-service password reset.
- Account lockout and session duration, configurable by the customer.
Adaptive Shield supports IP allowlisting on both the platform side and the customer side. On the platform side, a customer can define an allowlist of the account’s trusted IP addresses, restricting from where the Adaptive Shield platform can be accessed. On the customer side, Adaptive Shield monitors the connected SaaS integrations from a pool of static IP addresses; customers can add these addresses to the allowlists of their own SaaS applications, permitting the monitoring traffic while keeping access from other addresses restricted.
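The allowlist check described above is the same on either side: a configured set of trusted ranges is compared against the source address of each request. The Node.js example below is an added illustration, not Adaptive Shield’s code, and makes two assumptions worth flagging: the ranges and addresses are constructed (documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24), and the trusted reverse proxy at `10.0.0.5` is hypothetical. It is IPv4 only.

```javascript
// Added example (not Adaptive Shield's code): evaluating an account's trusted
// IP allowlist (CIDR or single-host entries) against the source address of a
// request. The X-Forwarded-For header is honoured only when the TCP peer is
// the trusted proxy; otherwise a client could spoof it to bypass the list.
// Ranges, proxy address and sample requests are constructed for illustration.
'use strict';

// Dotted-quad IPv4 string -> unsigned 32-bit integer. Rejects malformed input
// rather than guessing, since a lenient parser is itself a bypass vector.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`not an IPv4 address: ${ip}`);
    return acc * 256 + Number(p);
  }, 0);
}

// Parse "10.0.0.0/8" or "203.0.113.7" into a { base, mask } pair.
function parseCidr(entry) {
  const [ip, prefixStr] = entry.split('/');
  const prefix = prefixStr === undefined ? 32 : Number(prefixStr);
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) throw new Error(`bad prefix in ${entry}`);
  // Shift counts are taken mod 32 in JS, so /0 must be special-cased.
  const mask = prefix === 0 ? 0 : (0xFFFFFFFF << (32 - prefix)) >>> 0;
  return { base: (ipv4ToInt(ip) & mask) >>> 0, mask };
}

function buildAllowlist(entries) {
  return entries.map(parseCidr);
}

function isAllowed(allowlist, ip) {
  const addr = ipv4ToInt(ip);
  return allowlist.some(({ base, mask }) => ((addr & mask) >>> 0) === base);
}

// Assumption: our own load balancer, the only peer whose X-Forwarded-For we trust.
const TRUSTED_PROXY = '10.0.0.5';

// Pick the address to evaluate. A single trusted proxy appends the real
// client address as the last X-Forwarded-For value, so that is the one used;
// anything a client prepended itself is ignored.
function clientAddress(req) {
  if (req.socketAddress === TRUSTED_PROXY && req.xForwardedFor) {
    const hops = req.xForwardedFor.split(',').map((s) => s.trim());
    return hops[hops.length - 1];
  }
  return req.socketAddress;
}

function authorizeRequest(allowlist, req) {
  const ip = clientAddress(req);
  return { ip, allowed: isAllowed(allowlist, ip) };
}

// Constructed customer configuration: one office range and one fixed host.
const CUSTOMER_ALLOWLIST = buildAllowlist(['203.0.113.0/24', '198.51.100.7']);

// Constructed requests: one via the proxy, one direct with a spoofed header.
console.log(authorizeRequest(CUSTOMER_ALLOWLIST,
  { socketAddress: TRUSTED_PROXY, xForwardedFor: '203.0.113.9, 198.51.100.7' }));
console.log(authorizeRequest(CUSTOMER_ALLOWLIST,
  { socketAddress: '192.0.2.44', xForwardedFor: '203.0.113.9' }));
```

On the customer side the same logic applies with the roles reversed: the customer’s SaaS application holds the allowlist, and the entries are Adaptive Shield’s published static monitoring addresses.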
Customer Access Control
Customers have full access to the Adaptive Shield platform’s audit logs, which cover user activity and API activity. Customers also have access to the system activity log, which gives visibility into the platform’s own activity as it communicates with the connected SaaS applications.
Customers can assign one of four user roles to limit access to the Adaptive Shield platform, and can use the scope role to restrict a user’s permissions to specific connected SaaS applications.
Adaptive Shield is compliant with GDPR and will share Personal Information with third parties only as detailed in Adaptive Shield’s privacy policy, available here: https://www.adaptive-shield.com/privacy