Auditing & Compliance

Security Is The Heart Of Our Business

Akeyless puts security and compliance at the heart of its service. The confidentiality, integrity and availability of our customers’ data is our top priority.

Compliance with international standards

Akeyless is proud to maintain world-class compliance and security standards, including SOC 2 Type II and ISO 27001 compliance. In addition, Akeyless is the first secrets management solution to achieve National Institute of Standards and Technology (NIST) FIPS 140-2 validation, going above and beyond to keep your secrets safe.

Enable your security audits and initiatives

With Akeyless, encrypt data in motion (and at rest) using up-to-date protocols (TLS 1.2 and up). In addition, get access to comprehensive audit logs and SIEM integration for your own monitoring and compliance initiatives. Through your IdP, use Akeyless to inherit two-factor authentication for reinforced security across your organization.

Built into our DNA

Akeyless is built on a patented encryption technology, DFC™, which is NIST FIPS 140-2 validated. Designed to keep ownership of data in your hands, this technology backs all encryption and decryption of data in Akeyless. Rest easy knowing your data is safe.

Reliability at the core

We have built Akeyless to be fortified against uncertainty. When the inevitable happens, we want our customers to keep the lights on. By spanning our infrastructure across multiple cloud platforms, regions, and availability zones, our platform is highly available and reliable.

FAQ

Akeyless has an Incident Response and Business Continuity Plan that allows the company to react to incidents in a timely manner and be prepared for anything that might happen. Akeyless also maintains a Data Backup and Snapshot Policy with restoration capabilities within common industry timelines. Databases are replicated across multi-region and multi-cloud operations.

In addition, Akeyless is deployed across multiple availability zones and multiple regions. When a zone or an entire region is not functioning, Akeyless will continue to operate. The multi-region deployments are used for a geolocation-based policy, which ensures high availability and latency.

For Disaster Recovery, Akeyless uses inherent features like multi-region read replicas, versioning, and snapshots to ensure high availability of customers’ data.

Akeyless ensures security at the database, application, and infrastructure levels of the product.

From day one, Akeyless develops software with security in mind. From the developer who writes the code to the automated tools that scan for vulnerabilities, every piece of code is inspected.

In addition, Akeyless regularly conducts penetration tests to identify gaps in the security of its application and its infrastructure. Any gaps that are identified are mitigated according to their level of risk and retested.

Akeyless has developed a set of security policies to dictate the way security is implemented internally. All policies are reviewed and updated annually to the latest security practices.

All Akeyless employees and contractors must pass background checks and sign a confidentiality agreement. When they begin working at Akeyless, they undergo security training, which they must renew at least once a year. In addition, developers go through secure development training to ensure the security of the code and resulting products.

Akeyless uses cloud service providers with best-in-class security, ensuring that no third party will increase the level of information security risk at Akeyless.

In addition, the patented Akeyless NIST FIPS 140-2 validated DFC™ technology provides proactive insider threat attack protection since neither Akeyless nor the cloud service providers have access to customer secrets and keys.

We’re happy to answer any questions you have at [email protected].
