Continuous Investment in our Security

At Keep Aware, security stands as our utmost priority. It takes precedence in every aspect of our company and product development, guiding all design and process considerations. We aim to instill confidence in our customers as a trusted service provider, enabling them to understand the measures we take to safeguard their environment and secure our platform.

Our Security Program

Corporate Governance

Confidentiality

Every employee and contributor to Keep Aware must sign agreements that require them to protect the confidentiality of clients and sensitive information they may access while doing their jobs.

Authentication & MFA

Employees must use multi-factor authentication to access any external or internal system that handles confidential customer data.

Awareness

As a user awareness company, we prioritize security training and awareness in the workplace. Every employee participates in monthly security awareness training and our own internal Keep Aware solution.

Compliance

SOC 2 Type II

Keep Aware continuously assesses its controls through Vanta, ensuring that our environments are closely monitored. Additionally, we conduct annual audits with one of Vanta’s trusted auditing partners to maintain the highest standards. Our audit period extends from January to April each year, and you can obtain our report from your dedicated account team. Read about our most recent SOC 2 update.

Product Security

Data Security

● All systems that store or transmit customer data are encrypted at rest using 256-bit Advanced Encryption Standard (AES-256) or stronger.

● All Keep Aware clients, users, and products use TLS/SSL (TLS 1.2 at a minimum) when communicating with deployments for sensor activity, data transfers, and API calls.

● Only designated Keep Aware employees and providers can access customer data. An overview of the Keep Aware members with access to a deployment can be viewed and requested by customers at any time.

Providers

Keep Aware utilizes Amazon Web Services (AWS) and Elastic Cloud to host and monitor services that make up our products. Our list of sub-processors is maintained here: Sub-processors.

Authentication

Keep Aware does not store passwords outside of the Identity Provider services provided by Amazon Web Services. Customer environments require MFA for all accounts or a custom third-party IdP integrated by the customer.

Role-Based Access Controls

The Keep Aware console supports role-based access control by allowing all permissions to be individually applied to or revoked from any account or API credentials.

Logging and Alerting

● Logs are collected and sanitized for console and sensor communications. Meaningful interactions are recorded so customers can understand events taking place against their data. These logs are retained for at least 30 days.

● Alerts and rate-limiting are set internally to protect customer environments. Rate-limiting is set for both console and sensor environments.

Secure Software Development Lifecycle

● All code pushed to production environments requires a mandatory peer review and tests embedded in our product to verify correctness, best practices, and security.

● Keep Aware conducts internal data flow and architecture reviews quarterly. High-level documentation of these reviews and change logs can be provided to customers upon request.
