At Kustomer, we believe Trust from our customers is paramount. Our customers expect the application to be continuously available and properly performing while protecting their data and keeping it private. Security is something that requires many layers of protection throughout the application environment. It starts with team policies and procedures and touches continuous security monitoring tooling and automation built into the software development lifecycle. It’s extends to our partners and trained third-party security professionals that provide guidance, ensure compliance, and validate security across all areas of the organization.
Below are some of the most relevant areas of security that our team focuses and continues to expand upon.
We have worked closely with TrustArc to perform a GDPR readiness assessment across the organization and are actively working towards compliance. We are committed to being compliant by the May 25th 2018 grace period expiration date. Learn more about our readiness here.
EU-US Privacy Shield / Swiss-US Privacy Shield
TrustArc has reviewed and approved our policies and procedures required for EU-US Privacy Shield and Swiss-US Privacy Shield certifications. We are committed to the privacy all of our users PII data.
PCI Level 1
Kustomer leverages Stripe for it’s billing system. Stripe is certified as a PCI Level 1 Service Provider. Additionally, Kustomer directly integrates with Stripe using the recommended strategy for PCI compliance, which ensures all pages are served through TLS and no credit card data goes through Kustomer’s infrastructure.
Kustomer has contracted multiple independent security firms for the purposes of performing application penetration tests twice per year.
Our team has partnered closely with multiple well-respected 3rd party security vendors to perform Application Penetration tests across the product. Each application penetration test results in a full report and re-testing of the issues after they have been addressed within each cycle.
A 3rd party security vendor continuously performs a series of security tests targeted at our team to validate the strength of our policies and procedures across the organization using social engineering tactics.
We’ve implemented a system to continuously alert us of security vulnerabilities in application dependencies monitor our source code’s security using trusted open source tools. These tools are integrated into our continuous delivery pipeline to help prevent security flaws from being released into production, alerting us to any new issues that need to be addressed.
As part of our application penetration tests by a third party, a series of automated security tools are used to scan and find vulnerabilities across the application. Should vulnerabilities be found, our policies and procedures emphasize immediate action to reduce risk.
The Kustomer Application is fully hosted within Amazon AWS which offers a comprehensive set of security benefits. We apply AWS best practices for minimizing access on public endpoints and managing internal access for our team. For more information on AWS Security, please visit: https://aws.amazon.com/security/.
All Services are hosted within a Virtual Private Cloud exposing only the limited hosts/port mappings required for public API and internal access. All services within the VPC are partitioned into various Security Groups to restrict ingress/egress between services and the outside world.
The Kustomer Application’s external endpoints are each protected by an AWS Web Application Firewall (WAF). This protects the application from common web exploits that could affect availability and security.
Kustomer leverages the Amazon AWS Shield, defending against the most common, frequently occurring network and transport layer DDoS attacks that target websites and applications.
Kustomer has implemented common security tools and best practices within our infrastructure including:
Our team has setup and configured an agent on all nodes within our application hosting environment to provide for Intrusion Detection that is integrated with our various monitoring and alerting tools. This provides real-time alerts for compliance requirements and monitoring of anomalous behavior.
File Integrity Monitoring (FIM)
An agent is installed on all nodes within the application production environment to continuously perform File Integrity Monitoring with real-time notifications in the event an untrusted system modification is detected.
User Level SSH Private Key Management
Kustomer has implemented tooling for provisioning user-level access to production nodes. This access must be authorized by our information security team. Once authorized, the security team uses a tool to provision private keys on-demand, to specific categories of machines and remove access when it is no longer required. These requests are rare, and only in situations when a limited set of individuals within the engineering team require access to manage or monitor nodes. Otherwise, user-level private keys are removed from all nodes within production where only root level keys exist. Further, only a subset of individuals in the organization have access to the root level keys.
Continuous Security Monitoring
The team has setup and configured tools to continuously monitor the AWS hosting environment. Configurations are continuously tested for compliance with AWS Best Practices. Additionally, the tooling continually monitors user and process behavior and is setup to detect anomalous file activity.
The Kustomer team has years of experience building secure applications hosted in the cloud. We’ve leveraged this expertise towards building a secure application from the ground up, applying best practices at every step. This includes how code is handled, how sensitive keys are stored in the database, where our log files are stored, and what information gets logged. Additionally, with recent GDPR regulations, this involves applying privacy by design practices as we move forward when building new features or using new services.
All traffic to our application endpoints are encrypted using TLS over HTTPS. All sensitive keys including external api tokens and auth credentials are encrypted at rest using org-specific keys.
Message Redaction is built into the product (Enterprise & Ultimate Plan) where admins can selectively redact sensitive information in messages as well as delete attachments with sensitive info.
A default strong password policy is enforced for all organizations in the product. This helps ensure safety for all of our users who otherwise would put themselves at risk unintentionally.
Through our integration with Google SSO, users can elect to enforce their organization to login using their google account credentials, and as such, choose to require Multi-factor Authentication. This further adds a layer of protection in the event a user’s password is compromised.
Brute Force Login Protection
The system is designed to automatically detect and lock out a series of unsuccessful login attempts to prevent scripts / bots from being written to guess a user’s password.
Machine Users / Role-Based API Tokens
API tokens can be created with a minimal set of access that are used for automating business processes. For example, if an organization wanted to create custom objects from their own proprietary system application, they could provision an API token with Kustomer, provide a specific name for identification purposes in the product (i.e. “My Custom App”), and authorize the role of ‘org.user.kobject.write’ only. If this token was compromised and an attempt to read sensitive customer information and messages made, access would be restricted. Additionally, this token could subsequently be deleted and rotated by an admin user to prevent any future attempts.
In addition to the above application security concerns, the engineering team also gives consideration towards OWASP top 10, CORS, CSRF protection, XSS, hashed passwords with salts, JWT tokens, etc… while developing and reviewing new features.
Information security policies and procedures are communicated to our staff through employee handbooks and training sessions to ensure compliance and general security and privacy of our customer data.
All employees undergo background checks from an independent 3rd party firm before they are hired.
All employees are required to use a password management application setup across the Kustomer organization and maintained by our staff for all Kustomer related passwords.
Kustomer has a documented incident response plan for all urgent issues that impact the production system. Additionally, we have a Security Incident Response Plan, a requirement of GDPR compliance, that we have specialized for handling security incidents properly within the organization from containment to notification of impacted users within a specific timeframe.
If you have any further security questions or concerns, please reach out to us at email@example.com.