
Security Centre

Security is of paramount importance at Enclave. To ensure we maintain a safe and secure environment for customers, we use a variety of industry-standard technologies and practices managed by our security team.

Achieving it starts with our agile development process and use of continuous integration, which allow for quick resolution of both security and functional issues, and with our strict adherence to security-centric change and incident management programs.

We regularly train all employees, technical and non-technical, to prioritise and maintain high security standards. If you have any questions, concerns, or encounter any issues, please contact us at security@enclave.io.

Sub-processors

Under GDPR, a sub-processor is any business or contractor through which customer data may pass as a side effect of using Enclave.

We use partners for some business processes that are not core to our expertise but are critical to our customers having a quality experience. Here is our list of sub-processors:

| Partner | Usage |
|---------|-------|
| GitHub | Customer interactions (support tickets) |
| Google | Customer interactions (email, forms) and analytics (web) |
| HubSpot | Customer Relationship Management, Sales and Marketing |
| Sentry | Application error tracking and reporting |
| Slack | Customer interactions |
| Stripe | Customer payments |
| PayPal | Customer payments |

Third party providers

In addition to our sub-processors, we engage with third-party providers who play a crucial role in supporting our services but do not process customer data. Below is our list of providers who contribute to various aspects of our service delivery without directly interacting with or handling customer data:

| Partner | Usage |
|---------|-------|
| Cloudflare | DDoS protection |
| GitHub | Developer code repository |
| IpData | GeoIP database lookups |
| Microsoft Azure | Cloud Infrastructure for Enclave services |
| Netlify | Website hosting |

Product Security Features

Customer Data

Enclave customers retain complete sovereignty over their network data.

Due to the design and architecture of Enclave, no third parties (including Enclave) will ever have access to a customer's network or network data, under any circumstances, ever.

All network connectivity established by Enclave is peer-to-peer and end-to-end encrypted with perfect forward secrecy. Each encrypted session is always mutually authenticated, and the private keys used to establish and secure these sessions are sovereign to each enrolled system in a customer's account.

That is to say, each system's private key material is generated, encrypted, and stored locally to each system and never exported.

The Enclave platform acts only as a repository for administrators to define policy which is then distributed to enrolled systems running Enclave software. Once an enrolled system running Enclave receives policy from the platform, it acts with autonomy to establish peer-to-peer connectivity and caches that policy locally until subsequent updates invalidate it.

SSO

Enclave supports all major Enterprise Identity Providers, including Microsoft, Google, GitHub, Okta, Duo, JumpCloud, as well as supporting any compatible OpenID Connect SSO provider for customers desiring more control over authentication.

These integrations allow customers to protect their networks with their identity provider of choice, while eliminating separate VPN credentials for users.

MFA

In addition to SSO integrations, Enclave also supports username and password based logins with multi-factor authentication (MFA), available using time-based one-time password (TOTP) codes.

Access Logging

All access to Enclave is logged and made available to administrators in their account portal. All agent-based deployments of Enclave conduct local logging which can be exported to facilitate integration with customer security monitoring systems.

Data Security

Enclave operates strictly on the principle of least privilege. Only those with a strict business need to access data are allowed to do so, and elevated access is both logged and revoked after use.

We employ multiple layers of authentication and access control to ensure only those authorized to access data are allowed to do so, and we monitor that access in real time, alerting us to suspicious activity.

System And Software Security

Enclave's systems are hosted in secure server environments which are ISO 27001 & 27017, PCI DSS Level 1, and SOC 1 & 2 & 3 compliant, utilising advanced security technologies that include biometric and hardware token identification.

  • All Enclave systems are hardened and regularly updated with the latest security patches.

  • All systems are monitored in real-time and regularly audited to ensure they remain in compliance.

Auditing & Monitoring

All systems are audited by our security engineers on at least a quarterly basis: the more sensitive the data, the more frequent the audits. In the most extreme cases, they are conducted daily. We employ multiple real-time monitoring systems with 24/7 alerting to inform us of violations of policy as well as suspicious activity that may indicate a compromise.

Physical Security

All data centers used by Enclave are ISO 27001, SOC 1 & 2 certified. Access to facilities is restricted to authorized users via electronic means, including biometrics. All facilities are monitored by professional security staff.

Other Security Frameworks

In addition to the above, Enclave adheres to the General Data Protection Regulation (GDPR), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) frameworks.


Last updated Feb 19, 2024