Security and Compliance

Security-oriented environments start with high coding standards that
guard against attempted security breaches and are accompanied by
rigorous code reviews and tests. Logz.io employs strict development
processes and coding standards to ensure that both adhere to best
industry security practices.

In addition, the company’s testing platform performs a set of various
black box and white box tests for quality assurance (including ongoing
penetration tests). R&D processes are implemented and supported with
security as a top priority across all system layers, from the physical
layers up to the application layer.

Logz.io relies on the Amazon and Microsoft cloud’s exceptionally flexible and
secure cloud infrastructure to store data logically across multiple AWS and
Azure cloud regions and availability zones. AWS and Azure make abiding by
industry and government requirements simple and ensures the utmost in data
security and protection. For example, AWS infrastructure aligns with IT security
best practices and follows a number of compliance standards such as:

All data centers that run Logz.io’s platform are secured and monitored 24/7,
and physical access to both AWS and Azure facilities are strictly limited to
select internal cloud staff. (For more information about these providers’ secure
architecture and compliance certifications, visit: http://aws.amazon.com/security
or https://azure.microsoft.com/en-us/overview/trusted-cloud/.)

Every microservice runs inside a well-defined Docker container that allows
specific levels of access to select controllers. Logz.io uses Docker to avoid
erroneous instance-configuration changes, upgrades, and corruption that are
common sources of security breaches. Additionally, Logz.io hardens docker
images running within containers to enable various network access controls.

Logz.io takes necessary precautions to ensure that every layer involved in
data transfer is secured by best-of-breed technologies. The company’s
network is segmented using AWS/Azure security groups and additional
custom measures. In addition, the Company monitors security alerts that are
analyzed and addressed in real-time. Through in-depth network monitoring,
Logz.io is able to detect anomalies and take a proactive approach to eliminate
potential breaches.

Logz.io secures each and every step of the data funnel. Logz.io
dedicates logical segments of the data stores for each individual
customer’s data logs, ensuring full data-segregation. Data is tagged,
segregated, and tunneled through the Company’s data-ingestion
system. They mark each specific piece of given customer data
according to its associated organization, which is associated with that
data throughout its life cycle. When data is in transit in Company’s
ingestion pipeline, it is marked with specific information, including its
associated customer, so that it can only be accessed by that customer.

The Company supports TLS v1.2 encryption for data in transit over the
internet, so customers can securely upload their data to the Company
cloud and securely browse through their own Company console. Cold
data is encrypted and hosted in separate Simple Storage Service (S3)
buckets, which are secured via durable AES 256-bit encryption.

In addition, Company continuously tracks and maintains the location
and state of their customers’ data.

Logz.io supports role-based access through their interface,
allowing end users to be defined as admins or users as well as
suspended or deleted. Customers’ account administrators
manage and control user access, including provisioning new end
users with a defined access level.

To verify adherence with compliance policies, Logz.io uses 3rd-
party auditing services. E&Y, one of the “Big Four” auditing firms,
performs periodic and comprehensive auditing to audit and
validate processes.