Security at ConductorOne
At ConductorOne, our team is composed of long-time experts in security, identity, and infrastructure, who have built products from the ground up with highly secure environments.
We understand that our own security and privacy practices are mission-critical to our ability to provide modern privileged access and governance for our customers.
ConductorOne is SOC2 Type2 certified
Employee Access
- Internal systems use SSO and multi-factor authentication whenever possible
- Secure password vaults are used for storing credentials when SSO is not supported by a system
- Customer API Keys or secrets are not accessible from any internal tooling or dashboards
- Background checks are performed annually for all employees
- Security training is provided annually for all employees
Network
- Employees do not have access to production servers (we only use AWS EKS Managed Node Groups with no remote access)
- No workstations have network access to staging or production environments
- WiFi in offices provides no additional permissions or authorization grants
Data & Infrastructure
- Tenant isolation is ensured through decryption controls within tenant boundaries
- Traffic to ConductorOne is encrypted using TLS 1.2 and greater
- Internal services and traffic use mutual TLS
- Objects are stored and encrypted at rest in AWS DynamoDB
- API keys and secrets are encrypted with AWS KMS symmetric keys and encrypted again at rest in storage
- Internet-facing API services are unable to decrypt data
- Explicit firewall rules govern all service communications
- Services employ highly specific security groups, managed in code
Service Availability
- Our infrastructure is deployed across multiple availability zones (US West2 and US East2)
- Disaster recovery dry-runs performed annually
- Data in our object store (DynamoDB) is backed up continuously
- Data is replicated across AWS regions
Contact our Security team
- To report security or privacy issues that affect ConductorOne, please contact security@conductorone.com.
High Level Architecture
ConductorOne is built for security and scale on a modern technical architecture
