At Panorays, we understand that our security is extremely important for our customers. As a security company, our own cyber posture is extremely important to us. This page describes the measures we employ to ensure that your data is safe. If you have any questions, please don’t hesitate to contact us.
SOC 2 Type II
Panorays has completed a SOC 2 Type II review, attesting that our risk management, software development and security practices meet a rigorous standard of oversight, and that our organization supports these goals. Customers can be confident that the product and services Panorays provides are mature, robust and secure. Our SOC 2 Type II attestation also means that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective action, if and when it is needed.
Panorays has achieved International Organization for Standardization (ISO) certification for information security management: ISO/IEC 27001:2013. Please see certification here.
Panorays’ physical infrastructure is hosted and managed on Google Cloud Platform’s (GCP) data centers and utilizes Google’s technology. GCP’s data center operations have been certified with the highest compliance standards, regulations and certifications: ISO 27001, ISO 27017, ISO 27018, SOC1, SOC2, SOC3, GDPR, HIPAA, PCI DSS and more.
For more information, please see: https://cloud.google.com/security/compliance/
This Google Security Whitepaper describes all of the physical access controls of the data centers of Google.
Panorays ensures the security and privacy of user information by encrypting data on all servers at rest and in transit. Our systems are designed to ensure data is protected at all times. Specifically, we’re using TLS v1.2 with strong ciphers to protect data in transit.
All data in transit is encrypted on the Panorays platform. We use SSL/TLS encryption on our web assets to ensure the highest security and data protection standards. We regularly verify and renew our security certificates and encryption algorithms to keep your data safe. We also perform external perimeter scans with the Panorays platform to ensure our own posture.
All at-rest sensitive user data is encrypted. We use the industry standard encryption at the storage level.
Panorays is the administrator of its infrastructure. Only designated and authorized Panorays operations team members who use two-factor authentication are able to access the infrastructure.
Protected and Tested Backups
We’ve protected and tested backups of our database and keep doing it regularly.
Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly allowed ports and protocols are allowed based on business requirement.
At Panorays, we integrate with SAML 2.0 and different SSO providers. We’ve also implemented MFA authentication.
We perform continuous monitoring on all of our outfacing and inner applications with the Panorays’ platform. We provide 24/7 monitoring of all of our assets, including the web servers, API servers, mail servers and more.
Role Based Access Control (RBAC)
Panorays is built as a single page app, with a REST API backend server. Each user is identified with a unique session. Each request to the API server is first checked for the right scope in order to validate that a user is allowed to invoke the API. All API requests are scoped to the minimal required permission.
External Security Audits and Penetration Tests
Panorays contracts with an independent, third-party agency to conduct annual black box and white box penetration testing and provides access to the platform and a high-level application architecture diagram. We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of Panorays. Information about any security vulnerabilities discovered through testing is used to establish mitigation and remediation priorities. A penetration test findings summary is available to enterprise customers upon request.
We also monitor our product for security vulnerabilities automatically with external tools and auditors and also monitor ourselves with the Panorays platform 24/7.
System and Application Log Collection
All system access and customer access are logged and tracked for auditing purposes internally and can be reviewed in case of an incident.
Incident Response and Management
Panorays has constructed incident response and notification procedures. We have a CISO that is in charge of responding to security incidents and mitigating risks.
Security Awareness and Training
In order to help ensure that Panorays’ employees are aligned with the security practices and aware of their duties, Panorays conducts information security awareness campaigns. Our engineering, security research and operation teams keep their security best practices up to date and have online and in-person sessions about new threats in the cybersecurity world.
Report Security Issues
If you find a bug or security issue on our platform or website, please let us know about it by sending an immediate email to [email protected]
If you have any further questions please contact [email protected].