Upholding Enterprise-grade Security Standards with SOC 2 Compliance

Data, security, privacy, and confidentiality are words that you have probably been hearing a lot lately. Between the amount of data Google has on you and the rows of personal details Facebook stores, data and its security are more important today than ever before.

We as a company take the security of your data extremely seriously. Read on to learn why, and how our SOC 2 compliance ensures your data stays protected with enterprise-grade security standards.

SOC 2 Breakdown

SOC 2 was developed by the American Institute of CPAs (AICPA), and its reports define criteria for managing customer data based on 5 principles. SOC 2 was created specifically for technology and cloud-computing organizations that want to assure their clients that their information is secure.

SOC 2 reports are becoming increasingly popular for SaaS and cloud service organizations, and are becoming a necessity to ensure data is being handled properly. A SOC 2 Type 2 certification is issued by outside auditors who assess the extent to which a company’s processes comply with the report’s 5 principles.

Importance of Data Security

With the number of sites we visit online and the number of actions we take without thinking twice, it should come as no surprise that our information is out there.

Let’s take Google for example. The behemoth data-mining search engine knows where you are and where you’ve been just from you conveniently using Google on your phone. It stores your location every single time you turn on your phone to create a timeline of your movements. Scary? On top of that, Google saves your YouTube history, which tells it what you’re into and not into, knows the apps you use, is aware of everything you have searched for, and uses all of this information to create a detailed advertisement profile on you. And we can’t leave out Facebook, which has been in the news for its privacy policies and has been grilled by Congress. The social network stores files and messages you’ve sent or received, contacts on your phone, and audio messages. It also collects location data, can access your webcam and microphone, can view your browsing history, and more.

Great Power, Great Responsibility

With so much data being stored online and across servers, it’s imperative that companies handle it like a weapon. Companies that mishandle their users’ data risk penalties and heavy fines, revenue loss, losing those users entirely due to lack of trust, and worst of all, risk going under.

It’s for these reasons that companies must implement security protocols and procedures. One of the strictest is SOC 2 compliance.

How Coralogix Secures Your Log Data

Coralogix is SOC 2-compliant. This means that an external auditor assesses our processes on a regular basis to ensure that we comply with the SOC 2 report’s Trust Service Principles.

There are 5 Trust Service Principles – Security, Availability, Processing Integrity, Confidentiality, Privacy – that are specific to the SOC 2 Report. AICPA refers to these as “a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs.”

The report and its specific alignment with the relevant principles provide valuable third-party validation that the company is meeting all the criteria contained in the relevant principles.

Coralogix, as certified by BDO, proudly upholds these principles.

  • Security
    In terms of security, we strongly stand behind our promises, as contained within our Terms and Conditions, regarding data privacy and information security. Our Terms and Conditions ensure the security and confidentiality of user data, protect against any anticipated threats or hazards to the security or integrity of user data, protect against unauthorized disclosure of, access to, or use of user data, and ensure the proper disposal of user data.
    Given the nature of our founders and their background in security, it is no wonder that security, protection, and privacy are key pillars of our offering.
  • Availability
    We’re proud of our high service level standards that guarantee not only availability of the service, but also a “Time is of the Essence” mentality, ensuring that all Coralogix clients receive the highest levels of availability.
  • Integrity
    This is a principle that flows through everything that we do and is part of the DNA of our company. Processing integrity is no exception, and we hold ourselves to the highest standards to ensure processing integrity that is complete, accurate, timely, and authorized.

Top Security for Your Data

Data security is extremely important to us, and we’re honored to be able to provide top-notch security for our clients. By being SOC 2 compliant, and having enterprise-grade data privacy and security processes in place, we’re able to not only provide the best service and experience to our clients but also keep their log data secured and 100% available.

Some of Coralogix’s security measures: 

1- Coralogix stores its data on EU territory in order to make it easier for our clients to be GDPR ready.
2- Coralogix’s application is SOC 2 Type 2 compliant (Security, Availability, Data integrity) for 2018 by BDO; a full report can be provided upon request.
3- Coralogix’s infrastructure is PCI and SOC 2 Type 2 compliant.
4- Our terms and conditions are public on our website and specify our policy regarding data and service availability.
5- All communication to and from Coralogix is done via SSL: data sending, interface, and APIs.
6- Each Coralogix team gets a private key and ID for sending data.
7- Coralogix offers a centralized interface for masking or blocking logs containing PII/sensitive data, in case they are accidentally sent, before they are indexed or stored anywhere.
8- Coralogix offers an unlimited S3 archive owned by the customer for compliance purposes.
9- Data is stored in different indexes for different teams/companies so that it is completely separated using Elastic Shield.
10- Coralogix’s website and application are stored behind a reverse proxy.
11- Coralogix’s production environments run inside a sealed Docker environment.
12- All of Coralogix’s servers are behind a closed VPN and cannot be accessed from the public web.
13- Coralogix uses firewall services, auto backups, different availability zones, and a key vault in order to ensure security and availability.
