Security at Unryo#
Protecting your data is one of our most important responsibilities. We use a variety of industry-standard security technologies and procedures to help protect your information from unauthorized access, use, or disclosure.
Continuous integration#
Unryo performs continuous integration to minimize vulnerability risks at all stages: design, testing, tracking, and triaging.
Platform Security#
Unryo currently uses Google as its Cloud Provider to run the Unryo Monitor service and to store customer data. Refer to Google Cloud Security Standards here.
Data in transit#
Customers send data to the Unryo SaaS service by using a locally installed Unryo collector. All data transmission uses strong encryption protocols with TLS (Transport Layer Security) and HTTPS.
Data at rest#
Data at rest in Unryo's production systems are encrypted, which applies to all types of data at rest within Unryo's systems - relational databases, file stores, database backups, etc.
System and Software Security#
The Unryo system infrastructure is updated regularly with the latest security patches. All of our servers run hardened patched operating systems.
Authentication#
All users must be authenticated to log in, using single sign-on, strong passwords, password expiration, and password history policies. An API key is mandatory for all requests.
Access Control#
Custom role support for fine-grained access. Unryo supports multi-tenancy where different users inside an organization can authenticate to different tenants.
Unryo Employee Access#
All employees have signed non-disclosure agreements with Unryo. Employee access to our infrastructure is strictly limited to engineers who require such access to maintain the stability and efficiency of our systems. Access is based upon the principle of least privilege.
Physical Security#
Each Unryo customer's data is hosted in our shared infrastructure and logically separated from other customer's data. The Unryo Monitor service is hosted in data-centers maintained by Google, offering state-of-the-art physical protection for the servers and infrastructure.