Security

Platform Security Overview

Our operations are designed with security in mind, from the handling of sensitive customer data such as vulnerability reports, through code release, upgrades, and patch management, to day-to-day operational security. These practices incorporate relevant security, policy, and evaluation frameworks such as OWASP, ISO 27001, and the NIST 800 series, alongside other recognized standards and best practices.

  • Secure Hosting. We are hosted across multiple, independent service providers, such as Amazon Web Services, that are PCI DSS Level 1 and ISO 27001 certified and SSAE 16 audited, with strong physical security and no public datacenter access.
  • Confidentiality. Data is protected with TLS in transit and 256-bit AES at rest. Encryption keys are stored securely, separately from the data they protect.
  • Availability. Services are provided from multiple geographic regions with automatic failover between sites.
  • Data Integrity & Backup. Backups are maintained in encrypted form only.
  • Authentication. Our SaaS platform offers multi-factor authentication (MFA) to clients as an additional safeguard. Single sign-on (SSO) integration with enterprise identity providers is available via SAML 2.0.
  • Continuous Monitoring & Offensive Management. The Synack Red Team (SRT) continuously assesses our applications and infrastructure from an attacker's perspective. We combine SRT findings, third-party providers, and technology platforms to maintain situational awareness.

Certifications & Third-Party Attestations

ISO 27001 is the international standard for an information security management system (ISMS). It specifies a systematic approach to managing sensitive information so that it remains secure.

Privacy Shield

Synack complies with the U.S.-E.U. and U.S.-Swiss Privacy Shield frameworks as set forth by the U.S. Department of Commerce (the “Privacy Shield”) regarding the collection, use, and retention of personal data (as defined by the Privacy Shield) from the European Union and Switzerland. To learn more about the Privacy Shield principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, please visit https://www.privacyshield.gov/welcome.

See our Privacy Shield certification by clicking here.


Responsible Disclosure

To report a security vulnerability, please visit synack.responsibledisclosure.com.
A successful submission may result in an invitation to join the Synack Red Team.