TigerEye Labs Inc. Security Overview
Sales and customer data is critical to your business and we take the security of customer data extremely seriously. We host TigerEye using comprehensively hardened infrastructure-as-a-service (IaaS) on Google Cloud.
TigerEye successfully completed a SOC 2 Type II independent audit. The SOC 2 report provides assurance that we have designed effective security controls as defined by the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA). Our SOC 2 report is available to customers upon request.
ISO 27001 is recognized globally as the premier information security management system standard.
- TigerEye will allow authentication using Single Sign On (SSO) via SAML and OIDC. TigerEye does not store any passwords for accounts using SSO. For basic authentication, passwords are securely hashed and salted using industry standards.
- Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.
- All persistent data is encrypted at rest using industry-standard AES-256 algorithms.
- TigerEye has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
- All TigerEye employees are trained on security best practices and awareness during onboarding. We perform annual disaster recovery and data restoration tests.
- All employee computers have MDM that enforces our security policies, such as administrative access, screen lockout, strong passwords, encrypted disks and virus scanners. No Windows computers or servers are used at all other than in isolated testing environments.
- We use Okta to verify employee account identity and require two-factor authentication for apps that access critical infrastructure or customer data.
- All employee contracts include a confidentiality agreement.
- All changes to source code are subject to automated testing and any that affect security require pre-commit code review by a qualified engineering peer that includes security, performance and potential-for-abuse analysis.
- All code is deployed to a staging environment for quality assurance and automated tests must pass prior to updating production services.
- Client code utilizes multiple techniques to ensure that using the TigerEye app is safe and that requests are authentic, including XSS and CSRF protection, signed and encrypted user authentication cookies and session expiration.
- We engage third-party security experts to perform detailed penetration tests on the TigerEye app and infrastructure.
- TigerEye implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our protocols.
If you have a security concern, question, or are aware of an incident, please send an email to firstname.lastname@example.org, a carefully controlled and monitored email account.
Last updated 30 August, 2022