Security at ConductorOne

At ConductorOne, our team is composed of long-time experts in security, identity, and infrastructure who have built products from the ground up with highly secure environments.

We understand that our own security and privacy practices are mission-critical to our ability to provide modern privileged access and governance for our customers.

ConductorOne is SOC2 Type2 certified

Employee Access

  • Internal systems use SSO and multi-factor authentication whenever possible
  • Secure password vaults are used for storing credentials when SSO is not supported by a system
  • Customer API Keys or secrets are not accessible from any internal tooling or dashboards
  • Background checks are performed annually for all employees
  • Security training is provided annually for all employees

Network

  • Employees do not have access to production servers (we only use AWS EKS Managed Node Groups with no remote access)
  • No workstations have network access to staging or production environments
  • WiFi in offices provides no additional permissions or authorization grants

Data & Infrastructure

  • Tenant isolation is ensured through decryption controls within tenant boundaries
  • Traffic to ConductorOne is encrypted using TLS 1.2 or greater
  • Internal services and traffic use mutual TLS
  • Objects are stored and encrypted at rest in AWS DynamoDB
  • API keys and secrets are encrypted with AWS KMS symmetric keys and encrypted again at rest in storage
  • Internet-facing API services are unable to decrypt data
  • Explicit firewall rules govern all service communications
  • Services employ highly specific security groups, managed in code

Service Availability

  • Our infrastructure is deployed across multiple availability zones (US West2 and US East2)
  • Disaster recovery dry runs are performed annually
  • Data in our object store (DynamoDB) is backed up continuously
  • Data is replicated across AWS regions

High Level Architecture

ConductorOne is built for security and scale on a modern technical architecture
[Figure: Architecture Diagram]