Periscope Data Security Architecture
Customers connect to Periscope Data over HTTPS, the same protocol used for online banking. Periscope connects to customer databases from static IP addresses that customers can whitelist in their firewall settings; for databases in private networks, Periscope can connect through an SSH tunnel. Periscope's web and backend servers connect to each other over SSL-encrypted connections.
- Periscope Data has completed a SOC 2 audit of its data security controls as a cloud-based service provider. Documentation available upon request.
- Periscope Data is HIPAA compliant for handling medical and patient data (protected health information). Documentation available upon request.
- All servers receive quarterly patching and security updates, and intrusion detection systems monitor for security incidents.
- All traffic between your web browser and Periscope Data’s servers is encrypted in transit with TLS using 256-bit AES cipher suites.
- Database connections use JDBC over SSL. For additional layers of security, we recommend connecting through an SSH tunnel and restricting database access to our static IP addresses.
- Periscope Data serves HTTP Strict Transport Security (HSTS) headers, so browsers that have seen the policy connect only over HTTPS. This protects against protocol-downgrade attacks and cookie hijacking over plain HTTP.
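HSTS only protects when the header a site sends is strong enough to be honoured: browsers ignore a `Strict-Transport-Security` header without a numeric `max-age`, a short `max-age` lets the policy lapse between visits, and without `includeSubDomains` a subdomain served over plain HTTP can still receive cookies scoped to the parent domain. The checker below is an added example written for this page, not Periscope Data's code; the header values it tests are constructed, and the one-year minimum is the commonly recommended baseline (and the preload-list requirement) rather than anything the page states.

```python
"""Check a Strict-Transport-Security header against a hardening baseline.

Added example, not Periscope Data's code. Header values are constructed.
"""
from typing import Dict, List, Optional

# One year in seconds: the common minimum recommendation and the
# threshold required for browser preload-list inclusion.
MIN_MAX_AGE = 31536000


def parse_hsts(header: str) -> Dict[str, str]:
    """Parse 'max-age=...; includeSubDomains; preload' into a dict.

    Directive names are case-insensitive (RFC 6797), so they are lower-cased;
    directives without a value map to the empty string.
    """
    policy: Dict[str, str] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        policy[name.strip().lower()] = value.strip().strip('"')
    return policy


def hsts_findings(header: Optional[str]) -> List[str]:
    """Return a list of weaknesses; an empty list means the policy is sound."""
    if header is None:
        return ["no Strict-Transport-Security header: browsers will still accept http://"]
    policy = parse_hsts(header)
    findings: List[str] = []
    max_age = policy.get("max-age")
    if max_age is None or not max_age.isdigit():
        # Per RFC 6797 a header with a missing or malformed max-age is ignored.
        findings.append("max-age missing or non-numeric; header is ignored by browsers")
    elif int(max_age) == 0:
        findings.append("max-age=0 clears the policy rather than enforcing it")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"max-age={max_age} is shorter than one year")
    if "includesubdomains" not in policy:
        findings.append(
            "includeSubDomains absent; subdomains (and cookies scoped to them) remain exposed"
        )
    return findings


# Constructed sample headers: a weak one and a hardened one.
WEAK_HEADER = "max-age=300"
STRONG_HEADER = "max-age=63072000; includeSubDomains; preload"

if __name__ == "__main__":
    for label, hdr in [("weak", WEAK_HEADER), ("strong", STRONG_HEADER), ("missing", None)]:
        print(f"{label}: {hsts_findings(hdr) or 'OK'}")
```

Two caveats when using this against a live deployment: the header must be read from an HTTPS response (browsers discard HSTS sent over plain HTTP), and `preload` is only meaningful once the domain has actually been submitted to the browser preload list.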
Data Security and Information Systems
Periscope Data is governed by its Information Security Management System (ISMS), a set of policies and procedures designed to keep customer data and Periscope Data corporate assets safe and restricted to their intended and authorized use. Periscope Data’s ISMS is compliant with the HIPAA HITECH Security Rule and is SOC2 Certified. Details of Periscope Data’s ISMS and compliance audit procedures follow.
- Periscope Data follows OWASP best practices and security guidelines.
- No client information is shared with affiliates or 3rd parties for any reason.
- Access to production servers is restricted to the automated deployment of code written by Periscope Data software engineers and, during declared emergencies, to on-call engineers. Non-Periscope Data code is never deployed on our production servers.
- Periscope Data performs cross-site scripting and SQL injection checks to defend against unauthorized access.
Monitoring, Access Logs, & Intrusion Detection Systems
Periscope Data employs a robust Intrusion Detection System (IDS) and a monitoring and auditing framework in our production environment. Every access to a Periscope Data system is logged with the who, what, where, and when of the transaction.
Data Encryption & Intrusion Prevention
To prevent unauthorized access, Periscope Data has taken a number of steps to ensure that data security is maintained, even in the event of a breach.
Network-level Access Control Lists (ACLs) filter all network traffic and permit only the server-to-server communication that is authorized. These ACLs specify which ports are approved for network communication depending on the individual server’s role in the overall Periscope Data architecture; they are analogous to firewalls that operate at the subnet level. Engineering access to production systems is secured via SSH keys. All customer data, passwords, and connection configurations are encrypted.
- Periscope Data offers SAML-based Single Sign-On functionality. We support Okta, OneLogin, and Google Apps SSO providers.
- Periscope Data requires strong passwords. Audit logging lets administrators see when users last logged in and when passwords were last changed.
- Periscope Data empowers all Periscope Data users to secure their access with Two-Factor Authentication.
- Admins on our Enterprise plan can mandate two-factor authentication for all users.
- Periscope Data helps you restrict data access to only those who should have it with Data Permissions. Available with Enterprise plans.
Communications and Operations Management
- All code changes and application updates to our production environment are reviewed for security issues before general release.
- Periscope Data keeps its development, testing, staging, and production environments separate and isolated from one another.
- User passwords are salted, irreversibly hashed, and stored in Periscope Data's Postgres database. Periscope Data employees are restricted from accessing user passwords.
Incident Event and Communication Management
- Periscope Data conducts penetration tests on external networks annually.
- Periscope Data has formal incident response plans for major events.
- For major events, our email notification system contacts affected companies within 24 hours.