TRUST > SECURITY
Security is Part of our Culture
Security at Snapdocs is not about how many controls are implemented or the number of certifications. It’s a mindset and it’s built into our products and how we conduct business.
The Snapdocs Security Pledge
Snapdocs strives to meet the most stringent security and privacy requirements, so you can easily adopt the right products that deliver positive outcomes for your business.
Advanced and persistent threats have been targeting cloud based financial services for a long time and are only getting more sophisticated. With Snapdocs you can rest assured that the transmission of data as well as the data that resides in our cloud, is protected. By building Security and Privacy into the design of our products we enable you, our customers, to easily adopt Snapdocs as part of your business operations. You can do this with confidence, knowing that your data, processes, and outcomes are delivered in a safe environment.
How Snapdocs ensures Customers have a safe and secure experience on the platform
Snapdocs employs asset and data classification guidelines to ensure your security needs and priorities receive the right level of protection. Snapdocs protects your data by maintaining strict isolation between production and development environments. Depending on the product being consumed, some level of control may be passed along to you given the cloud security shared responsibility model. Security policies at multiple layers are applied to limit access to Snapdocs workforce members who possess a legitimate business need for such access. Additionally, data is de-identified where needed and transmitted in encrypted form using Transport Layer Security (TLS). Encryption keys are then protected.
At Snapdocs product security is fundamentally about protecting the applications and services that we build along with the supporting platform and ecosystem which stores and processes your sensitive data. The concept of ”Security and Privacy by Design” is ingrained in our engineering practices. Our Secure Software Development Lifecycle (S-SDLC) framework serves during the development process to secure applications and services. Following S-SDLC empowers our Engineering Teams to: 1) apply the appropriate architecture and design, 2) understand threats and choose the right controls for protection, 3) conduct proper security testing, and 4) remediate vulnerabilities before production deployment.
Infrastructure and Platform Security
Snapdocs employs industry-leading technical controls at the infrastructure and platform layers to ensure threat mitigation capabilities meet stringent requirements and are highly effective. Snapdocs understands that isolating environments is key to reducing blast radius and, therefore, risk to Customers. We leverage virtualization technologies at specific layers to ensure that application runtimes are separated from the operational and control elements in the network. This separation allows the user and application interactions to be monitored from the specific application instance and user, in and out of the Internet, and through all the services. Snapdocs regularly audits its network security posture and specific technologies to verify they are compliant with policies and technical standards and has implemented penetration testing procedures to further validate effectiveness of the applied controls.
Managing Identity and Access
At Snapdocs we believe security starts with establishing identities for objects of interest—including people, applications, and data—defining relationships for those objects, and enforcing appropriate controls for how these identities access resources. Snapdocs applies this mindset to how we build our products, secure data, and manage customers. Snapdocs, therefore, supports sophisticated mechanisms to prove identities, create roles across the ecosystem, and effectively authenticate and authorize access while privileged accounts are further contained and managed.
Encryption and Key Management
Reliable encryption ensures that data is secure at rest and in transit. Snapdocs encrypts at different layers based on the product, to ensure that data is exposed on a need-to-know basis. Snapdocs supports key management systems, and public and private key infrastructures for effectively protecting and managing keys and certificates. Application and service accounts are vaulted to further protect them from illegitimate access.
End-user devices are protected by several layers of controls to ensure that the work that is conducted via these devices is done so in a safe and secure fashion. Controls such as endpoint threat detection, mitigation and response, malicious website protection and proper patching are maintained so that the end-user has a safe experience. Similarly, cloud endpoints that support Snapdocs products are built using secure configurations, undergo effective vulnerability management, and protected via cloud endpoint threat detection, mitigation and response tools.