Cyera ensures our customer data is rigorously protected in line with security, compliance, and privacy frameworks
We maintain an internal Information Security Program (ISP) that addresses both our products and our general business practices. The ISP ensures a secure environment for our employees, customers, systems, and the data we manage. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, and covers key areas including access controls, employee training, physical security, network and cloud security, encryption, credential and key management, and software development life cycle policies and practices including security by design.
As part of our commitment to safeguard customer data and maintain excellence in security controls and operations, Cyera submits our platform for an annual SOC 2 Type 2 audit to ensure the appropriate safeguards are applied to customer data and to evaluate how well those controls are operating. Cyera’s SOC 2 Type 2 report is available upon request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC).
The Standards Institution of Israel certifies that Cyera operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013.
Certificate Issuance Date: Sep 22, 2022
Expiration Date: Sep 22, 2025
As a cloud-native platform, Cyera delivers highly scalable and highly available services, with security built in as a first principle. The service is designed to limit the information processed outside of a customer’s cloud environment. Customer data never crosses regions; all data analysis occurs in the same region where the data was originally discovered. Cyera connects to customer environments using cloud-native APIs, which means that no agents are deployed.
Data is encrypted across the Cyera platform at all times, both at rest and in transit. All communication is encrypted using TLS 1.2 or higher. All data managed by the platform is encrypted at the database or volume level using AES-256 encryption.
Cyera’s architecture, engineering, product, and operations teams are experienced cyber security experts from both the public and defense sectors. Each team follows strict, secure software development lifecycle (SSDLC) procedures and best practices. All platform code is peer reviewed and passes SAST and SCA scans; SAST scans the application code to discover faulty code posing a security threat, while SCA scans ensure application code is free of vulnerabilities and license violations in open-source dependencies.
Additionally, we conduct third-party penetration tests on our infrastructure and applications annually, or when major architectural changes are made to the platform. Any high-criticality findings are triaged and fixed immediately.
A full platform security architecture document that includes the information from this trust center, along with backend security, access control mechanisms and more, is available upon request.
Data is encrypted by default across the Cyera platform, both at rest and in transit. All communication with the customer’s cloud environment, as well as any data transferred between accounts, is encrypted in transit using TLS 1.2 or higher. All data managed by the platform is encrypted at the volume level using AES-256 encryption.
We engage with Amazon Web Services (AWS) as a subprocessor to help provide our service to customers. AWS provides Cyera data hosting services for our SaaS platform.