Home » Privacy & Security

Privacy & Security

Privacy & Security

Keeping your data secure

Security is a priority for Sekoia. We are committed to ensuring confidentiality and integrity of your information and to maintaining the highest level of availability in our SOC platform.

Secure infrastructure

Secure infrastructure

Data encryption

All customer data is transferred securely using TLS v1.2 and above. At rest, data is encrypted using state-of-the-art protocols AES256 for disk encryption with self-managed keys.

Data storage

All our data is stored by highly trustworthy, certified hosting providers. Different geographical locations are available depending on needs (see our regions). These providers handle the physical security of their facilities and tightly controls who has access.

reliability

Reliability

Backups are done every day and stored off-site. Restoration tests are performed at fixed intervals.  We continually monitor uptime and we have 24/7 human coverage to deal with potential technical issues. You can check our current uptime and product status by visiting status.sekoia.io.

Secure platform

Secure platform

Authentication Vulnerability management Observability
Authentication
Vulnerability management
Observability
Authentication
Vulnerability management
Observability

We provide the ability to enable two-factor (2FA) authentication to your Sekoia account and/or Single-Sign-On. Account passwords are hashed and salted and cannot be retrieved.

La plateforme XDR intégrée à notre solution SOC

We seek out and proactively address vulnerabilities and exposures in Sekoia’s code and dependencies through automated tools, peer-review, and regular penetration tests. Web access to our applications is proxied behind a Web Application Firewall which detects and automatically blocks unwanted traffic.

La plateforme XDR intégrée à notre solution SOC

Any action performed on the platform by your SOC operators and administrators is logged to comply with audit trail requirements or trigger custom detection rules to ensure the security of your environment.

Privacy & Security Policy at Sekoia Soc platform

Organizational measures

Organizational measures

Internal security standards

Our security controls include leveraging two-factor authentication with U2F tokens, a zero-trust architecture, RBAC and least-privilege in the organization, endpoint management, encryption, and a comprehensive logging policy.

We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and new hacking techniques.

Employees working with customer data (such as support or engineering teams) undergo background checks prior to employment.

Privacy & Security Policy at Sekoia
Privacy & Security Policy at Sekoia

Observability

We have a dedicated internal Computer Emergency Response Team (CERT) that constantly monitors our environment for security events. This team also handles penetration testing, social engineering exercises, and awareness sessions.

Read our RFC2350

Compliance and documentation

We comply with international norms such as PCI-DSS, the reference standard in the card payment industry.
Discover our security and compliance program, browse our security White Paper, and check our security controls in real time at trust.sekoia.io.

Privacy & Security Policy at Sekoia

Privacy

Privacy

Data Privacy

We have a strict policy to respect the privacy of our customer data. We regularly review and update our policies and processes to follow reglementary changes or evolutions in our product.

We use a cookie policy that is enforced on all our websites. We make sure we display Internet content accordlingly with user consent.

Read our full cookie policy here

EU General Data Protection Regulation (GDPR)

We ensure compliance with the General Data Protection Regulation (GDPR). In the event that Personal Data is transferred outside the European Union, we undertake to implement the measures required by the Personal Data Regulation including security measures, adequate transfer mechanism etc.

Privacy in the product

Our legal and privacy teams work with our technical leads across the organization to make sure our products and features comply with applicable data protection laws. Our terms of use can be found here.

Management of subprocessors

Sekoia selects its subcontractors with the utmost care and and conducts business with subcontractors that provide sufficient security guarantees. For more information on the subcontractors involved in the provision of Sekoia.io solutions, please visit trust.sekoia.io.

Discover our
Trust center

Our Security Whitepaper can be downloaded on our Trust Center. It details many security controls enforced in the product
Discover our trust center - Sekoia.io

Connect with us!

Curious about our solutions or interested in a demo of our SOC platform?
Planning a cybersecurity project for your organization?
Let’s schedule a meeting to discuss your needs!