Customer Stories
Swantide Security Overview
Swantide is designed with the most security-conscious IT and Security teams in mind, and security is deeply considered in every aspect of our product. We’ve also taken deep care to ensure our internal policies are secure from the get-go.
Overview
This paper provides a current overview of the state of Swantide’s security. Our approach takes advantage of modern cloud computing practices while adhering to strict policies that ensure the security and integrity of the data we touch. Swantide is committed to working with security and IT teams, third-party auditors, and penetration testing firms to continually strengthen our investments across all aspects of our security.
Corporate Governance
Our commitment to the security and privacy of customers starts with information security policies that guide the behavior of our staff. Some of these are outlined below:
1. Employees and contractors sign agreements that require them to preserve and protect the confidentiality of sensitive information they may access while doing their jobs.
2. We conduct mandatory background checks for all employees.
3. Employees are required to enable two-factor authentication in every internal and external service where two-factor authentication is made available. 4. Employees receive privacy and security training at least annually.
5. We have a well-documented Incident Response Plan, which requires the prompt disclosure of a breachto a customer’s security organization and working with them for prompt remediation.
6. Swantide is SOC2 compliant and currently in the process of a SOC2 Type 2 audit.
1. Employees and contractors sign agreements that require them to preserve and protect the confidentiality of sensitive information they may access while doing their jobs.
2. We conduct mandatory background checks for all employees.
3. Employees are required to enable two-factor authentication in every internal and external service where two-factor authentication is made available. 4. Employees receive privacy and security training at least annually.
5. We have a well-documented Incident Response Plan, which requires the prompt disclosure of a breachto a customer’s security organization and working with them for prompt remediation.
6. Swantide is SOC2 compliant and currently in the process of a SOC2 Type 2 audit.
Environmental Security
GCP is an industry-leading cloud service platform that provides Swantide with professional security staff, nondescript facilities, controlled access, video surveillance, intrusion detection, and other security features. All data is separated from outside connections, and access is limited to select approved system administrators. Swantide’s databases, backups and all copies of application data are encrypted at rest (AES-256 or stronger). Swantide stores immutable audit logs maintained by Google. Access to and interaction with the deployment is logged and audited.
Software Security
Swantide is built with industry-tested technology and security practices.
Swantide uses a combination of methods to verify application correctness and security including mandatory peer review, suites of automated unit and integration tests, end-to-end diagnostics running on live systems.
All clients use TLS/SSL when communicating with deployments. Swantide leverages single sign-on (SSO) and existing identity access management (IAM) and multi-factor authorization (MFA) providers for authentication.
Swantide uses a combination of methods to verify application correctness and security including mandatory peer review, suites of automated unit and integration tests, end-to-end diagnostics running on live systems.
All clients use TLS/SSL when communicating with deployments. Swantide leverages single sign-on (SSO) and existing identity access management (IAM) and multi-factor authorization (MFA) providers for authentication.