Cyera Trust Center
Lasting partnerships are built on trust
Cyera ensures our customer data is rigorously protected in line with security, compliance, and privacy frameworks
Information Security Program
We maintain an internal Information Security Program (ISP) that addresses both our products and our general business practices. The ISP ensures a secure environment for our employees, customers, systems, and the data we manage. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, and covers key areas including access controls, employee training, physical security, network and cloud security, encryption, credential and key management, and software development life cycle policies and practices including security by design. Additional information is available at https://security.cyera.io/
SOC 2 Compliance
As part of our commitment to safeguard customer data and maintain excellence in security controls and operations, Cyera submits our platform for an annual SOC 2 Type 2 audit to ensure the appropriate safeguards are applied to customer data and evaluate how well those controls are operating. Cyera’s SOC 2 Type 2 report is available upon request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC).
ISO 27001 Certification
The Standards Institution of Israel certifies that Cyera operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013.
Certificate Issuance Date: Sep 22, 2022
Expiration Date: Sep 22, 2025
Platform Architecture
As a cloud native platform, Cyera delivers highly scalable and highly available services, with security built in as a first principle. The service is designed to limit the information processed outside of a customer’s cloud environment. Customer data never crosses regions; all data analysis occurs in the same region where the data was originally discovered. Cyera connects to customer environments using cloud-native APIs, which means that no agents are deployed.
Data is encrypted across the Cyera platform at all times, both at rest and in transit. All communication is encrypted using TLS 1.2 or higher. All data managed by the platform is encrypted at the database or volume level using AES-256 encryption.
Cyera’s architecture, engineering, product, and operations teams are experienced cyber security experts from both the public and defense sectors. Each team follows strict, secure software development lifecycle (SSDLC) procedures and best practices. All platform code is peer reviewed and passes SAST and SCA scans; SAST scans the application code to discover faulty code posing a security threat, while SCA scans ensure application code is free of vulnerabilities and license violations in open-source dependencies.
Additionally, we conduct third-party penetration test exercises on our infrastructure and applications annually, or when major architectural changes are made to the platform. Any high-criticality findings are triaged and fixed immediately.
A full platform security architecture document, which includes the information from this trust center along with backend security, access control mechanisms and more, is available upon request.
Infrastructure Subprocessors
We engage the following infrastructure subprocessors to help provide our products to our customers.
* Classification of customer data is performed in a cloud service environment in the customer’s country