Adaptive Shield's Trust Center
Adaptive Shield uses a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.
The Ultimate SaaS Security Posture Management Checklist: 2024 Edition
GET THE CHECKLISTThe Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities
Learn moreThe SSPM Justification Kit
GET THE KITAdaptive Shield’s SSPM & ITDR Platform Features and Capabilities
DownloadThe Ultimate SaaS Security Posture Management Checklist: 2024 Edition
GET THE CHECKLISTThe Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities
Learn moreThe SSPM Justification Kit
GET THE KITAdaptive Shield’s SSPM & ITDR Platform Features and Capabilities
DownloadAdaptive Shield uses a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.
Adaptive Shield uses best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards.
ISO27001 certificates:
Adaptive Shield INC – ISO27001 Certificate.PDF
Adaptive Shield LTD – ISO27001 Certificate.PDF
ISO27701 certificates:
Adaptive Shield INC – ISO27701 Certificate.PDF
Adaptive Shield LTD – ISO27701 Certificate.PDF
CAIQ by CSA:
Adaptive Shield CAIQ STAR Security Questionnaire
Adaptive Shield hosts Service Data primarily in GCP data centers that have been certified as ISO 27001 and/or SOC 2 compliant.
GCP infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
GCP on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.
Adaptive Shield leverages GCP data centers in the United States and Europe.
Adaptive Shield offers multiple data locality choices including the United States (US) or European Economic Area (EEA).
Our Security Team is on call 24/7 to respond to security alerts and events.
Our network is protected through the use of GCP security services and mechanisms, integration with our Adaptive Shield platform, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.
Our network security architecture consists of multiple security zones. More sensitive systems like database servers are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
In addition to our extensive internal scanning and testing program, each year Adaptive Shield employs third-party security experts to perform a broad penetration test across the Adaptive Shield Production and Corporate Networks.
Adaptive Shield relies on GCP anti-DDoS mechanisms, as well as scaling and redundancy tools.
Access to the Adaptive Shield Production Network is restricted on an explicit need-to-know basis, utilizes the least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Adaptive Shield Production Network are required to use VPN and MFA.
In case of a suspected incident, response activities are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Encryption in Transit
All communications with Adaptive Shield UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between the customer and Adaptive Shield is secure during transit.
Encryption at rest
Data is encrypted at rest in GCP using AES-256.
Adaptive Shield employs network redundancies to eliminate single points of failure. Our strict backup process allows us to deliver a high level of service availability, as data and operations are replicated across availability zones.
Our Business Continuity and Disaster Recovery (BCP and DR) ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
Adaptive Shield provides annual Secure Coding Training to all developers.
Adaptive Shield leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.
Testing and staging environments are separated from the Production environment. No customer of production data is used in our development or test environments.
We employ third-party security tooling to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.
We scan the libraries and dependencies used in our products to identify vulnerabilities and ensure the vulnerabilities are managed.
In addition to our extensive internal scanning and testing program, Adaptive Shield employs third-party security experts to perform detailed penetration tests on different applications within our family of products.
Adaptive Shield has several different authentication options: subscribers can enable native Adaptive Shield authentication and/or Enterprise SSO (SAML, JWT) for end-user and/or agent authentication.
Adaptive Shield supports 2-factor (2FA) for customers.
Adaptive Shield follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.
Access to data within Adaptive Shield platform is governed by role-based access control (RBAC) and can be configured to define granular access privileges. Adaptive Shield supports various permission levels for users.
Any Adaptive Shield account can restrict access to their Adaptive Shield Support to users within a specific range of IP addresses. Only users from the allowed IP addresses will be able to sign in to your Adaptive Shield account.
Adaptive Shield supports user, API, and system-level Audit Logs. These logs include account changes, user changes, and security settings.
Adaptive Shield has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Adaptive Shield information assets.
All employees perform Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Coding Training.
Adaptive Shield performs background checks on all new employees in accordance with local laws. These checks are also required for contractors.
All new hires are required to sign Non-Disclosure and Confidentiality agreements.
Adaptive Shield minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.
Adaptive Shield has a formal global privacy and data protection program, which includes cross-functional key stakeholders including Legal, Security, Product, and Executive of the company.
As privacy advocates, we work diligently to ensure our Services and team members are dedicated to compliance with applicable regulatory and industry frameworks.
Please see our Privacy Policy for more details.
Our main sub-processes are some of the world’s most trusted companies. We conduct careful due diligence on the privacy and security practices of third parties we engage to help us provide our services. You can find our list of sub-processors here.