Security

TRUST IS A CRITICAL ASSET TO OUR SUCCESS

Security is at the forefront of everything we do at Lacework – we take security very seriously. This is not just about securing our customers. It is also about securing our platform and our customers’ data on that platform. We have dedicated security roles; the security engineers are the engineers. It is everyone’s role at Lacework to make sure we are as secure as possible, not just that of an individual or a group.

CUSTOMER CONFIDENTIALITY

As a customer-first organization, we are committed to not breaking the trust of our prospects, customers, or business partners by publicly releasing information about their data, their security, their vulnerabilities, or any proprietary information without their consent. We take the confidentiality of that information seriously.

SOC CERTIFIED

Lacework as a company is SOC II certified. Additionally, among other security controls, we use the following best practices:

  • Encryption at rest and in-transit
  • Multi-factor authentication for access
  • Network level controls
  • Least-privilege access grants and controls
  • Vulnerability scanning and maintenance
  • Source code review and bug hunting

RESPONSIBLE DISCLOSURE

We believe in the responsible disclosure of vulnerabilities to our service and will reply to all reported vulnerabilities via email at security -(at)- lacework.com. We will respect the confidentiality of all reporting parties and request that as much information as possible is sent, including: a high-level overview of the vulnerability discovered, sample procedures to reproduce it, and your appropriate contact information.

DATA CENTER SECURITY

Not only is Lacework SOC II certified, but the data centers we operate in also meet the most demanding security requirements. Our service runs 100% on highly secured data centers which have several certifications, including SOC II type II, SOC 1/SSAE16/ISAE 3402 (formerly SAS70), and ISO 27001. We deploy and maintain best practices to secure that infrastructure, including network and data security, and customer data segregation.

DATA AT REST

All customer data is stored in a data warehouse that is SOC II, PCI DSS, and HIPAA compliant, and ensures:

  • Fine-grained access to the data
  • Data encryption, so that only those with the key can read the data
  • Encryption of data at rest and in-transit