Last updated on May 25, 2018
SSO & 2FA
SAML Single Sign-on (SSO) lets you authenticate users against your own identity provider without requiring them to enter a separate set of login credentials. If you use password-based authentication instead, you can turn on 2-factor authentication (2FA). See our docs for details.
Permission levels and access rights within the app can be configured to match your needs.
Password and Credential Storage
Elium offers three password complexity levels, and credentials are stored as salted hashes (bcrypt). bcrypt generates a random salt for every password and has an adjustable work factor, so stored hashes stay expensive to brute-force as hardware gets faster.
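As an added illustration of the salt-and-hash pattern described above (this is example code, not Elium's own): Python's standard library has no bcrypt, so the example uses hashlib.scrypt, which shares the properties that matter here: a random per-password salt, a tunable work factor stored alongside the hash, and constant-time verification. The cost parameters, record format and sample passwords are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os

# Work-factor parameters. These are assumed illustration values, not Elium's;
# tune them so one hash takes roughly 100 ms on your login servers.
SCRYPT_N = 2 ** 14   # CPU/memory cost, must be a power of two (16 MiB at r=8)
SCRYPT_R = 8         # block size
SCRYPT_P = 1         # parallelism
MAX_N = 2 ** 20      # refuse records that would ask for absurd memory
SALT_BYTES = 16
KEY_BYTES = 32


def _kdf(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # Memory use is 128 * r * n bytes; OpenSSL rejects more than its maxmem.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          dklen=KEY_BYTES)


def hash_password(password: str, n: int = SCRYPT_N, r: int = SCRYPT_R,
                  p: int = SCRYPT_P) -> str:
    """Return a self-describing record: scrypt$n$r$p$salt$hash (base64 fields).

    A fresh random salt per password means two users with the same password
    get different records, and a precomputed table is useless against them.
    """
    salt = os.urandom(SALT_BYTES)
    digest = _kdf(password, salt, n, r, p)
    return "$".join([
        "scrypt", str(n), str(r), str(p),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse(record: str):
    """Split a record into (n, r, p, salt, digest); return None if malformed."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return None
    try:
        n, r, p = int(parts[1]), int(parts[2]), int(parts[3])
        salt = base64.b64decode(parts[4], validate=True)
        digest = base64.b64decode(parts[5], validate=True)
    except ValueError:           # binascii.Error is a ValueError subclass
        return None
    # Sanity-check parameters so a tampered record cannot exhaust memory.
    if n < 2 or n > MAX_N or (n & (n - 1)) != 0 or r < 1 or p < 1:
        return None
    return n, r, p, salt, digest


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt/parameters and compare."""
    parsed = _parse(record)
    if parsed is None:
        return False
    n, r, p, salt, expected = parsed
    try:
        actual = _kdf(password, salt, n, r, p)
    except ValueError:           # parameters the local OpenSSL refuses
        return False
    # Constant-time comparison: no timing leak on how many bytes matched.
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, n: int = SCRYPT_N, r: int = SCRYPT_R,
                 p: int = SCRYPT_P) -> bool:
    """True if the record was made with weaker parameters than current policy."""
    parsed = _parse(record)
    if parsed is None:
        return True
    stored_n, stored_r, stored_p, _, _ = parsed
    return stored_n < n or stored_r < r or stored_p < p


if __name__ == "__main__":
    # Constructed sample: same password twice yields two different records.
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print(a != b, verify_password("correct horse battery staple", a),
          verify_password("wrong", a), needs_rehash(a))
```

Call needs_rehash after a successful login and, when it returns True, store hash_password(password) again; that is how you raise the work factor over time without forcing resets. The real bcrypt package exposes the same flow through bcrypt.hashpw and bcrypt.checkpw; one caveat specific to bcrypt is that it only looks at the first 72 bytes of the password, so long passphrases should be length-limited or pre-hashed consistently.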
Uptime and Monitoring
We have a historical uptime of 99.9% or higher. We monitor uptime with Pingdom and service resource utilisation with Datadog.
Network, Storage and Systems security
Data Hosting and Storage
Elium services and data are hosted in Google Cloud Platform (GCP) facilities in Belgium (zone europe-west1-b), using Google Cloud Storage, a high-availability distributed storage service.
Failover and DR
Elium was built with disaster recovery in mind. All of our infrastructure and data are spread across multiple GCP availability zones in Belgium. Provisioning of our services is scripted, so they can be restored in under 1 hour in another cloud data centre if the primary one suffers a major issue.
Virtual Private Cloud
All of our services run inside our own container cluster (Kubernetes), with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
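As an added example of what such network ACLs look like in Kubernetes (illustration only, not Elium's configuration): a default-deny NetworkPolicy for the namespace, followed by narrow allows for the web tier. The namespace, pod labels, ports and the ingress-controller namespace are assumptions.

```yaml
# Default deny: selects every pod in the namespace and allows nothing.
# Other policies in the namespace add allowances on top of this.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: elium-app          # assumed namespace name
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Web pods accept traffic only from the ingress controller's namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-from-ingress
  namespace: elium-app
spec:
  podSelector:
    matchLabels:
      app: web                  # assumed pod label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # assumed ingress namespace
      ports:
        - protocol: TCP
          port: 8080            # assumed container port
---
# Web pods may talk out only to cluster DNS and to the database pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-egress
  namespace: elium-app
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns   # label used by kube-dns/CoreDNS deployments
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    - to:
        - podSelector:
            matchLabels:
              app: db           # assumed database pod label
      ports:
        - protocol: TCP
          port: 5432            # assumed (PostgreSQL)
```

Two caveats a practitioner should check. First, NetworkPolicy objects are only enforced when the cluster's network plugin implements them; on GKE that means enabling network policy enforcement (or Dataplane V2), otherwise the objects are accepted by the API server and silently do nothing. Second, verify rather than trust: run a throwaway pod in a different namespace and confirm that a connection to the web pod's port times out while a request through the ingress controller still succeeds. The kubernetes.io/metadata.name namespace label used above is set automatically on Kubernetes 1.21 and later; on older clusters add your own label.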
Logging and Tracing
At the application level, we produce audit logs for all activity, ship logs to Datadog for analysis, and use S3 for archival. All actions taken on production consoles or in the Elium application are logged.
Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. Elium is served 100% over HTTPS. We enforce SAML Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on GitHub, Google and other services so that access to our cloud accounts is protected.
All data sent to or from Elium is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS-only and score an "A+" on Qualys SSL Labs' test, meaning we use only strong cipher suites and have HSTS and Perfect Forward Secrecy fully enabled. Data at rest is encrypted with the industry-standard AES-256 algorithm.
Pentests and Vulnerability Scanning
Elium uses third-party security tools (Qualys, OpenVAS) to continuously scan for vulnerabilities. Our dedicated security team responds to the issues raised.
Updates and Security patches
We regularly update the systems and services that operate Elium and apply security patches when required. Every modification goes through a change management system that lets us quickly revert it in case of unintended issues.
We follow a protocol for handling security events that includes escalation procedures, rapid mitigation and a post-mortem.
Additional Security features
All employees complete security awareness training during onboarding and annually thereafter.
Elium has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Elium performs background checks on all new employees in accordance with local laws.
All employee contracts include a confidentiality agreement.
If you think you may have found a security vulnerability, please get in touch with our security team at firstname.lastname@example.org