Security

Virtual Private Cloud

Customer data is stored in a secure Virtual Private Cloud (VPC) hosted in Amazon Web Services and Google Cloud Platform Services. Our data infrastructure resides in the United States. The VPC is further segmented for security and manageability.

We rely on Google’s and AWS’s audited security and compliance programs for the efficacy of their physical, environmental, and infrastructure security controls. Google provides a monthly uptime percentage to customers of at least 99.5%. You can find more information about the controls, processes, and compliance measures implemented by Google on their publicly available Compliance Resource Center.

AWS guarantees between 99.95% and 100% service reliability, ensuring redundancy to all power,
network, and HVAC services. The business continuity and disaster recovery plans for the AWS
services have been independently validated as part of their SOC 2 Type 2 report and ISO 27001
certification. AWS’s compliance documentation and audit reports are publicly available at the
AWS Cloud Compliance Page and the AWS Artifacts Portal.

Role-based access

Users are restricted to accessing only the information and systems necessary to perform their job. This effectively enforces segregation of duties.

Data and Network Encryption

Data in transit and data at rest are both encrypted. Communication is encrypted using TLS 1.2 or 1.3 and 2,048-bit keys or better for secured transmission.

Configuration Management

Our product infrastructure enforces multiple layers of filtering and inspection on all connections across our web application, logical firewalls, and security groups. Network-level access control lists are implemented to prevent unauthorized access to our internal product infrastructure and resources. By default, firewalls are configured to deny network connections that are not explicitly authorized. Changes to our network and perimeter systems are controlled by standard change control processes. Firewall rule sets are reviewed periodically to help ensure that only necessary connections are configured.

Automation drives Digital Muzes’ ability to scale with our customers’ needs, and rigorous configuration management is baked into our day-to-day infrastructure processing. The product infrastructure is a highly automated environment that expands capacity as needed. All server configurations are embedded in images and configuration files, which are used when new containers are provisioned. Each container includes its own hardened configuration, and changes to the configuration and standard images are managed through a controlled change pipeline.

Data Protection

Customer Data Protection

We leverage several technologies to ensure stored data is encrypted at rest. Platform data is stored using AES-256 encryption. User passwords are hashed following industry best practices, and
are encrypted at rest.

System Backups

Encryption keys for both in-transit and at-rest encryption are securely managed on our
platform. TLS private keys for in-transit encryption are managed through our content delivery
partner. Volume- and field-level encryption keys for at-rest encryption are stored in a hardened Key
Management System (KMS). Keys are rotated at varying frequencies, depending upon the sensitivity
of the data they govern.

Physical Backup Storage

Because we leverage public cloud services for hosting, backup, and recovery, Digital Muzes does not
implement physical infrastructure or physical storage media within its products. Digital Muzes does not
produce or use other kinds of hard copy media (e.g., paper, tape, etc.) as part of making
our products available to our customers.

Web Application Defenses

All customer content hosted on the platform is protected by firewall and application security. The
monitoring tools actively monitor the application layer and can alert on malicious behavior based
on behavior type and session rate. The rules used to detect and block malicious traffic are aligned
to the best practice guidelines documented by the Open Web Application Security Project
(OWASP), specifically the OWASP Top 10 and similar recommendations. Protections from
Distributed Denial of Service (DDoS) attacks are also incorporated, helping to ensure customers’
web sites and other parts of Digital Muzes products are continuously available.
