Adaptive Shield's Trust Center

Adaptive Shield uses a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.
Compliance Certifications and Memberships
Adaptive Shield uses best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards.
Adaptive Shield is ISO 27001 and ISO 27701 certified, and GDPR compliant
Adaptive Shield undergoes routine audits to receive updated SOC 2 Type II reports
Adaptive Shield maintains a Written Information Security Policy (WISP) and related procedures
Artifacts
For direct download:
The following resources may require an NDA on file. Click to request reports:
  • SOC 2 Type II Report
  • Annual Penetration Test Summary
    • Architecture Diagram
    • Policies & Procedures
    Cloud Security
    Data Center Physical Security
    Facilities
    Adaptive Shield hosts Service Data primarily in GCP data centers that have been certified as ISO 27001 and/or SOC 2 compliant.

    GCP infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
    On-Site Security
    GCP on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.
    Data Hosting Location
    Adaptive Shield leverages GCP data centers in the United States and Europe.
    Adaptive Shield offers multiple data locality choices including the United States (US) or European Economic Area (EEA).
    Network Security
    Security Team
    Our Security Team is on call 24/7 to respond to security alerts and events.
    Security Mechanisms
    Our network is protected through the use of GCP security services and mechanisms, integration with our Adaptive Shield platform, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.
    Architecture
    Our network security architecture consists of multiple security zones. More sensitive systems like database servers are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized at the Internet boundary and internally between the different zones of trust.
    Security Scanning
    Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
    Penetration Tests
    In addition to our extensive internal scanning and testing program, each year Adaptive Shield employs third-party security experts to perform a broad penetration test across the Adaptive Shield Production and Corporate Networks.
    DDoS Mitigation
    Adaptive Shield relies on GCP anti-DDoS mechanisms, as well as scaling and redundancy tools.
    Logical Access
    Access to the Adaptive Shield Production Network is restricted on an explicit need-to-know basis, follows the principle of least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Adaptive Shield Production Network are required to use VPN and MFA.
    Incident Response
    In case of a suspected incident, response activities are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage.
    Employees are trained on security incident response processes, including communication channels and escalation paths.
    Encryption
    • Encryption in Transit
      All communications with Adaptive Shield UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between the customer and Adaptive Shield is secure during transit.
    • Encryption at rest
      Data is encrypted at rest in GCP using AES-256.
    Availability & Continuity
    Redundancy
    Adaptive Shield employs network redundancies to eliminate single points of failure. Our strict backup process allows us to deliver a high level of service availability, as data and operations are replicated across availability zones.
    Disaster Recovery
    Our Business Continuity and Disaster Recovery (BCP and DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
    Application Security
    Security Development (SDLC)
    Secure Coding Training
    Adaptive Shield provides annual Secure Coding Training to all developers.
    Framework Security Controls
    Adaptive Shield leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.
    Separate Environments
    Testing and staging environments are separated from the Production environment. No customer or production data is used in our development or test environments.
    Vulnerability Management
    Dynamic Vulnerability Scanning
    We employ third-party security tooling to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to, the OWASP Top 10 security risks.
    We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.
    Software Composition Analysis
    We scan the libraries and dependencies used in our products to identify vulnerabilities and ensure the vulnerabilities are managed.
    Third-Party Penetration Testing
    In addition to our extensive internal scanning and testing program, Adaptive Shield employs third-party security experts to perform detailed penetration tests on different applications within our family of products.
    Product Security
    Authentication Security
    Authentication Options
    Adaptive Shield has several different authentication options: subscribers can enable native Adaptive Shield authentication and/or Enterprise SSO (SAML, JWT) for end-user and/or agent authentication.
    2-Factor Authentication (2FA)
    Adaptive Shield supports 2-factor authentication (2FA) for customers.
    Service Credential Storage
    Adaptive Shield follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.
    Additional Product Security Features
    Role-Based Access Controls
    Access to data within the Adaptive Shield platform is governed by role-based access control (RBAC) and can be configured to define granular access privileges. Adaptive Shield supports various permission levels for users.
    IP Restrictions
    Any Adaptive Shield account can restrict access to their Adaptive Shield Support to users within a specific range of IP addresses.
    Only users from the allowed IP addresses will be able to sign in to your Adaptive Shield account.
    Audit Logs
    Adaptive Shield supports user, API, and system-level Audit Logs. These logs include account changes, user changes, and security settings.
    HR Security
    Security Awareness
    Policies
    Adaptive Shield has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Adaptive Shield information assets.
    Training
    All employees perform Security Awareness Training, which is given upon hire and annually thereafter. 
    All engineers receive annual Secure Coding Training. 
    Employee Vetting
    Background Checks
    Adaptive Shield performs background checks on all new employees in accordance with local laws. These checks are also required for contractors.
    Confidentiality Agreements
    All new hires are required to sign Non-Disclosure and Confidentiality agreements.
    Vendor Security
    Adaptive Shield minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.
    Privacy Program
    Adaptive Shield has a formal global privacy and data protection program, which includes key cross-functional stakeholders, including the Legal, Security, Product, and Executive teams of the company.
    As privacy advocates, we work diligently to ensure our Services and team members are dedicated to compliance with applicable regulatory and industry frameworks.
    Please see our Privacy Policy for more details.
    Our main sub-processors are some of the world’s most trusted companies. We conduct careful due diligence on the privacy and security practices of third parties we engage to help us provide our services. You can find our list of sub-processors here.
    Vulnerability Disclosure Policy
    View our vulnerability disclosure policy here.
    If you have discovered a vulnerability that we should know about, please share it with us.
    GDPR Compliant
    ISO 27001 Compliant
    ISO 27001 Certified
    ISO 27701 Certified
    SOC 2 Compliant
    Cyber GRX