Trust Center
Security Is The Heart Of Our Business
Compliance with International standards
Akeyless is proud to maintain world-class compliance and security standards, including FIPS 140-2, SOC 2 Type II, ISO 27001 and PCI DSS compliance.
Enable your security audits and initiatives
Using Akeyless, encrypt data in motion (and at rest) with the most up-to-date protocols (TLS 1.2 and up). Akeyless also provides comprehensive audit logs and SIEM integration for your own monitoring and compliance initiatives. Through your IdP, use Akeyless to inherit two-factor authentication for reinforced security across your organization.
Built into our DNA
Security & Reliability at the core
Akeyless has implemented technical, physical and administrative security measures to protect our customers’ data. Our operations are regularly audited to ensure that we meet the highest security standards. For more information, see our Data Protection Measures.
We have also built Akeyless to be fortified against uncertainty. When the inevitable happens, we want our customers to keep the lights on. By spanning our infrastructure across multiple cloud platforms, regions, and availability zones, our platform is highly available and reliable.
Report a Vulnerability
Akeyless maintains a bug bounty program and investigates all reported vulnerabilities and bugs.
FAQ
Akeyless has an Incident Response and Business Continuity Plan that allows the company to react to incidents in a timely manner and be prepared for anything that might happen. Akeyless also maintains a Data Backup and Snapshot Policy with restoration capabilities within common industry timelines. Databases are replicated across multi-region and multi-cloud operations.
In addition, Akeyless is deployed across multiple availability zones and multiple regions. When a zone or an entire region is not functioning, Akeyless will continue to operate. The multi-region deployments are used for a geolocation-based policy, which ensures high availability and low latency.
For Disaster Recovery, Akeyless uses inherent features like multi-region read replicas, versioning, and snapshots to ensure high availability of customers’ data.
Akeyless ensures security at the database, application, and infrastructure levels of the product.
From day one, Akeyless develops software with security in mind. From the developer who writes the code to the automated tools that scan for vulnerabilities, every piece of code is inspected.
In addition, Akeyless regularly conducts penetration tests to identify gaps in the security of either its application or its infrastructure. Any gaps that are identified are mitigated according to their level of risk and retested.
Akeyless has developed a set of security policies to dictate the way security is implemented internally. All policies are reviewed and updated annually to the latest security practices.
All Akeyless employees and contractors must pass background checks and sign a confidentiality agreement. When they begin working at Akeyless, they undergo security training, which they must renew at least once a year. In addition, developers go through secure development training to ensure the security of the code and resulting products.
Akeyless uses cloud service providers with best-in-class security, ensuring that no third party will increase the level of information security risk at Akeyless.
In addition, the patented Akeyless NIST FIPS 140-2 validated DFC™ technology provides proactive protection against insider threats, since neither Akeyless nor the cloud service providers have access to customer secrets and keys. Learn more here.
We’re happy to answer any questions you have at [email protected].