Security Is a Mindset, Not a Checklist

From how we approach infrastructure to how we onboard and offboard employees, we protect your data at every layer.

Deploy Within Minutes Without Agents

By connecting with native Office 365 and Google Workspace APIs, you receive a source of truth for all your applications. No agents, network access, or other end-user installs are required.

SOC 2 Type II

Our SOC 2 Type II report by our third party auditor attests that we have appropriate controls in place to keep customer data secure, confidential, and available.

Encrypted With The Highest Standards

We encrypt at transit and at rest with secure protocols, including AES256 and TLS1.2+. Our encryption keys are based on AWS's Key Management Service. We rotate them on a periodic basis and protect the creation, storage, retrieval, and destruction of secrets.

We Keep Our Networks Safe

Our infrastructure is deployed on a secure Virtual Private Cloud (VPC). We maintain compute and storage infrastructure in private-only subnets and control access through IP and port-based firewalls. Endpoint monitoring software on employee workstations and servers ensure that we keep our infrastructure secure and your data safe.

Security Control

Penetration Testing

We regularly work with third party firms to identify and remediate security vulnerabilities.

Continuous Security

We continuously monitor the operation of our security controls. This ensures we stay up to date and follow best practices (e.g. MFA).

Employee Training

We require security training from all employees. Developers complete a secure coding training which includes the OWASP Top 10 vulnerabilities.

SaaS and Identity Governance Without the Overhead

Try Lumos