Security

Your data is in good hands

We take security seriously. More than 1000 customers trust the Atatus Observability Platform with their data, and it is our responsibility and priority to build that trust. We build all our products with security at the heart of our design, policies and processes to provide the highest resiliency possible. We follow security-by-design principles and perform continuous integration. By doing so, we respond quickly to any issues that arise at both the functional and security levels.

We at Atatus use industry security vendors and open source projects along with the security provided by our cloud providers, including AWS, DigitalOcean and Google Cloud Platform. We use the highest industry standards to cover the complete TCP/IP stack, with DNSSEC, DDoS protection, and a dedicated web application firewall alongside a network firewall that controls access, to protect information systems and customer information.

Data encryption

We use security best practices to encrypt data in transit using the latest recommended secure cipher suites and protocols, whenever supported by clients. All customer data is also encrypted at rest, while passwords are stored irreversibly (hash function + salt) to ensure their confidentiality. Appropriate safeguards have been implemented to protect the creation, storage, retrieval and destruction of secrets. We implement best practices as they evolve and respond promptly to cryptographic weaknesses as they’re discovered.

Authentication

Atatus provides an additional level of security during application authentication by allowing end users to log in to Atatus using an Identity Provider offering single sign-on (SSO), which integrates with services that support Security Assertion Markup Language (SAML). Atatus' SAML support allows organizations to enforce password policies, control authentication, handle account recovery and enable multi-factor authentication (MFA) for Atatus.

Web Application Firewall

Our dedicated web application firewall acts as a strong barrier to protect Atatus’s application and microservices. It enforces security controls such as hardened TLS configuration (HSTS, strong encryption and hashing algorithms), overall protection against malicious activity (bad IP reputation detection, browser integrity checks, WAF rules) and multiple rate-limiting rules that prevent automated form submission on critical endpoints (password guessing attacks).

Logging and monitoring

We maintain a centralized logging environment for all our production servers. It contains information pertaining to security, monitoring, availability and access, as well as other metrics about our application ecosystem and its microservices.

We analyze these logs for security abnormalities and events via logical and technical controls. Further, alerts and monitors automatically notify appropriate internal teams 24/7/365 to ensure visibility and responsiveness.

Incident response

Atatus's incident management policy and procedures are designed to quickly and effectively handle any event which may impact our data availability, integrity or confidentiality. Should a situation arise, we immediately notify affected customers and any applicable regulator according to our privacy policy.

Policies and Process

Atatus has implemented and maintains appropriate administrative, physical, and technical safeguards for the protection of the confidentiality, integrity, availability, and privacy of our information assets & systems and customer data. Further, Atatus agrees to regularly test, assess and evaluate the effectiveness of its Information Security Program to ensure security by design of information processing practices.

  1. Privacy Policy
  2. Terms of Service
  3. GDPR
  4. Data Protection Addendum (DPA)
