At Akeyless, our top concern is protecting our customers’ most sensitive information – their secrets; credentials, certificates and encryption keys.
We put a lot of effort in order to be compliant with the top standards and regulations available:
First secret management solution to meet the National Institute of Standards and Technology (NIST) FIPS 140-2 validation.
SOC 2 compliance is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform.
ISO/IEC 27001 is the international standard for information security, ensuring information security is kept by addressing people, processes and technology.
Get the best secrets security solution in the market. Your secrets, which are your most valuable assets, are kept secured threw their entire lifecycle
All your secrets and keys are encrypted via Akeyless Distributed Fragments Cryptography™ (DFC) technology where encryption keys never exist as whole. Together with Akeyless Customer Fragment approach, your sensitive information cannot be accessed by Akeyless nor any other third party.
All data transfers are encrypted using the most updated protocols (TLS 1.2 and up) in order to keep your secrets secure at all times.
Use audit logs to monitor anomalies, assist in forensics, and demonstrate compliance.
Akeyless integrates with various SIEM solutions in order to provide monitoring, reporting and alerting capabilities.
Akeyless inherits 2FA authentication established in your third-party IdPs.
SOC 2 Type II Attestation provides an assurance that Akeyless meets and exceeds the highest standards of information security. SOC2 Type2 means that all security controls are not only presented and implemented, they are also effective which gives our customers the highest assurance in our security.
ISO 27001:2013 is the de-facto standard for information security management. It dictates various steps (like asset mapping and risk assessment) that helps the organization improve its information security management.
FIPS 140-2 is the assurance that our cryptographic controls provide a secure framework for our customer’s information. It is tested and approved by the US National Institution of Standards and Technology.
All Akeyless employees and contractors must pass background checks. Upon onboarding, all employees sign a confidentiality agreement. On their first day, all employees go through security training. During employment, employees get security training at least annually. Developers go through a secure development training to ensure the security of our code and products.
Akeyless developed an array of security policies in order to manage and dictate the way security is implemented. All policies are reviewed at least annually and are adjusted to changes in the information security field.
Akeyless uses top cloud service providers who provide state of the art security in the platforms. This complies with our approach that no 3rd party will increase the level of information security risk of Akeyless. Additionally, Akeyless DFC Technology can provide proactive insider threat attack protection, where neither Akeyless nor the CSP have access to the customers secrets and keys (assuming Zero Knowledge is enabled by the customer).
No company is immune from security and business continuity incidents. For that reason, Akeyless has developed an Incident Response Plan and a Business Continuity Plan that allows the company to react to incidents in a timely manner and be prepared
Application level security is essential to secure our customer’s secrets, but the security is not completed without implementing a secure infrastructure. Akeyless implements a secure infrastructure approach with using stat of the are security measures in its infrastructure.
Akeyless platform runs from different global regions and cloud service providers in order to eliminate the risk of service outage and to provide continuous service.
All data in transit is encrypted via TLS 1.2 and above and SSH.
All data at rest is encrypted using our patented Distributed Fragments Cryptography and standard cryptographic algorithm which ensures that your data is only accessible to you and even not to Akeyless
Akeyless maintains a Data Backup and Snapshot Policy that requires restoration capabilities within common industry timelines. Databases are replicated across multi regions and multi cloud operations.
Akeyless SaaS platform is deployed on multi availability zones and multi regions for cross az and cross region high availability. So when a zone or an entire region is not functioning the service continues to operate. Additionally, the multi-region deployments are used for Geolocation based policy.
For Disaster Recovery Akeyless also uses inherent features like multi regions read replicas, versioning, and snapshots to ensure high availability of the customers data.
Akeyless application is developed with secure development concepts in mind. Starting from the developer who writes the code and going through a secure code review, every piece of code is inspected in order to identify potential vulnerabilities.
Akeyless is conducting penetration tests on a regular basis in order to identify gaps in both the security of its application and its infrastructure. The gaps identified are mitigated according to their level of risk and are retested in order to assure that they pose no risk to the solution.
Akeyless supports a very wide variety of Authentication methods for both machine access and human access.
For machine access, Akeyless supports:
For human access, Akeyless supports LDAP, SAML, OIDC , and JWT, which are used by known identity providers such as Okta, Azure AD, and others. In cases where MFA is required, the settings will take place on the Identity Provider’s configuration system, as Akeyless isn’t the Identity Issuer.
Akeyless also supports the use of API Keys for authentication of both human and machine identities.
Akeyless integrates with various SIEM solutions in order to provide monitoring, reporting and alerting capabilities. Akeyless logging system take note of all the system/application logs, event logs, error logs and user activity logs.In addition, Using the Akeyless Log Forwarding System, you can transfer all the logs to your log server.
Supported logs services:
If you have found a vulnerability in Akeyless, please contact our security team by clicking the button below.