Security policy

Last updated on May 25, 2018

Elium security

SSO & 2FA

SAML Single Sign-on (SSO) allows you to authenticate users through your own systems without requiring them to enter additional login credentials. If you use password-based authentication instead, you can turn on two-factor authentication (2FA). More details are available in our docs.

Permissions

Permission levels and access rights within the app can be configured to suit your usage.

Password and Credential Storage

Elium offers three password complexity levels, and credentials are stored salted and hashed with bcrypt.

Uptime and Monitoring

We have a historic uptime of 99.9% or higher. We monitor our uptime using Pingdom and our services' resource utilisation with Datadog.

Network, Storage and Systems security

Data Hosting and Storage

Elium services and data are hosted in Google Cloud Platform (GCP) facilities (eu-west1-b) in Belgium (Europe), using Google Cloud Storage, a high-availability distributed storage solution.

Failover and DR

Elium was built with disaster recovery in mind. All of our infrastructure and data are spread across multiple GCP availability zones in Belgium. Provisioning of our services is scripted, and they can be restored in less than 1 hour in any other cloud data center in case of a major issue at the primary data center.

Virtual Private Cloud

All of our services run within our own container cluster (Kubernetes), with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.

Logging and Tracing

At the application level, we produce audit logs for all activity, ship logs to Datadog for analysis and use S3 for archival purposes. All actions taken on production consoles or in the Elium application are logged.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Elium is served 100% over HTTPS. We use SAML Single Sign-on (SSO), two-factor authentication (2FA) and strong password policies on GitHub, Google and other services to ensure that access to cloud services is protected.

Encryption

All data sent to or from Elium is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an "A+" rating on Qualys SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.

Pentests and Vulnerability Scanning

Elium uses third-party security tools (Qualys, OpenVAS) to continuously scan for vulnerabilities. Our dedicated security team responds to the issues raised.

Updates and Security patches

We regularly update the systems and services that operate Elium and apply security patches when required. We manage every modification through a change management system that allows us to quickly revert changes in case of unexpected issues.

Incident Response

We implement a protocol for handling security events which includes escalation procedures, rapid mitigation and a post-mortem analysis.

Additional Security features

Training

All employees complete security awareness training during onboarding and annually thereafter.

Policies

Elium has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

Elium performs background checks on all new employees in accordance with local laws.

Confidentiality

All employee contracts include a confidentiality agreement.

Security questions?

If you think you may have found a security vulnerability, please get in touch with our security team at privacy@elium.com.

Learn more about Elium by reading our Terms of Use and Privacy Policy.