TRUST & PRIVACY

Trust is at the center of what we do

Lacework takes a fundamentally unique approach to customer privacy, demonstrated through our private-by-design agentless scanning architecture.

Private by design

At Lacework, our agentless workload scanning is private by design, carefully architected around three fundamental tenets of trust.

Three Tenets of Trust


We believe what happens in your cloud should stay in your cloud.

Lacework agentless workload security scans your data and reads analysis results only within your cloud environment, ensuring that your data doesn’t leave your account. This means that even in the unfortunate event of a breach of the vendor, your data – and your customers’ data – remains safe.

We believe privacy should not be a tradeoff for good security.

If your security solution is exporting your data, not only is privacy potentially compromised, but you might also jeopardize compliance with GDPR and other international data or privacy standards. Instead of addressing these gaps at no additional cost, vendors may charge users extra for the privilege of secure scanning within their own accounts. You shouldn’t have to pay more to keep your data private.

We believe attacks are inevitable and security vendors shouldn’t expand your attack surface.

Some security providers stand behind the claim that identifying all attack paths can allow customers to prevent 100% of attacks. But this claim is not grounded in reality, especially considering the fluid nature of development teams. No one is immune to attacks, but expanding your attack surface could open you up to unnecessary risk.

Blog

Are you compromising data privacy with your security vendor?

Each security vendor handles, stores, and protects your data differently — and some of their standard practices might surprise you.


Committed to security and privacy

Security is embedded in everything we do. Lacework prioritizes security from design through production, ensuring the safety of customer, partner, and our own data.

Security

Lacework prioritizes customer trust and data privacy, aligning with the ISO 27001, SOC 2, and NIST 800-53 standards. We maintain a secure risk posture through ongoing security control assessments and rapid incident response, safeguarding Lacework and customer data.

Lacework Security and Privacy Standard


Privacy

Our processes, technology, and policies conform to standard privacy practices under GDPR, CCPA, the EU/US Data Privacy Framework, the UK Extension, and the Swiss/US Data Privacy Framework, and we use Standard Contractual Clauses for transfers of data outside of the EU. To learn more, please visit our legal information page.


Compliance

Lacework’s information security and privacy programs are based on industry standards including SOC 2, ISO 27001, and NIST 800-53. In addition to our internal compliance programs, Lacework undergoes annual SOC 2 Type II audits performed by an independent auditor. The most recent SOC 2 report is available through your account manager.


Availability

Lacework’s cloud infrastructure leverages cloud-native features for low latency, high reliability, and scalable operations. We’re committed to providing monitoring for your systems 24/7. Check our real-time status and historical availability at https://status.lacework.net.

Responsible Disclosure

Lacework believes in the responsible disclosure of vulnerabilities. If you believe that you have identified a vulnerability in Lacework’s products, infrastructure, or service, please submit it through Lacework’s HackerOne program at https://hackerone.com/lacework. If you believe that there has been a breach of Lacework’s systems, please email security@lacework.com with as much information as possible.


*Lacework, Inc. is not associated with AICPA.