Security is of paramount importance at Observe. We take the following steps to ensure that your data is safe and secure.
We support SAML SSO, GSuite OAuth, and email/password authentication providers. Strongs password and login attempt lockouts are enforced.
All data in Observe is encrypted in flight and at rest using strong cryptographic protocols. Customer data is stored in the Snowflake cloud platform and segmented using dedicated databases. Within Snowflake data is encrypted using customer managed security keys rooted in a hardware security module (HSM). Snowflake has SOC 2 Type II, SOC 1 Type II, PCI-DSS, HIPAA, ISO/IEC 27001, and FedRAMP Moderate Certifications. Customer data will only be accessed by a limited production team for support purposes. All access is logged in our internal audit tool.
We will delete data upon written request from a customer specifying a query and time range.
Our production infrastructure is hosted in a Cloud Service Provider (CSP). Physical and environmental controls are in place for production servers.
Access to our production infrastructure is limited to a production team following the principle of least privilege. We use multi factor authentication wherever possible and keep an audit log of all access. Continuous security scanning and monitoring tools are utilized. Additionally we have contracted NCC Group to conduct an annual penetration test.
Certifications and Compliance
We are currently undergoing a SOC2 Type II audit. A report will be available in March 2021.