Security at Correlated

Data security is critical to everything we do at Correlated. Here are all the steps we take to ensure your data is kept secure and to continually earn your trust.

Product + Application security

  • Correlated supports SAML single sign-on through a multitude of identity providers, including best in class options like Okta and Google Workspaces. This allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
  • All data transferred to and stored within Correlated systems are encrypted in transit (using TLS version 1.2 or greater) and at rest (using AES256).
  • Correlated additionally encrypts any sensitive information kept within database systems using AES256, which uses a different encryption key that is regularly rotated.
  • Correlated maintains audit logs for all activity, from the operating system level up to the application, and has automated systems in place to detect illicit activity.
  • Correlated engages with third-party security experts yearly to perform detailed penetration tests on our application and infrastructure.

Network security

  • Correlated services and data are hosted in Google Cloud Platform (GCP) in the USA (us-central1).
  • Correlated infrastructure has been architected with disaster recovery in mind. All infrastructure and data services are spread across availability zones and will continue to work through data center failures.
  • All servers and services are hosted within Correlated's virtual private cloud (VPC) with strict network access control lists (ACLs) that prevent unauthorized access within the network.
  • Correlated uses third party security tools that continuously scan for vulnerabilities, malware, and secrets being stored without using the encryption procedures detailed above.
  • Correlated implements a protocol for handling security events, including escalation procedures, mitigation, and post-mortem review.

Personnel

  • All employees complete security and awareness training.
  • Correlated maintains and frequently updates security policies that cover a wide range of topics, which are shared with all employees.
  • All employees are vetted before hiring including background checks in accordance with local laws, employment verification, and criminal checks for US employees.
  • All employee contracts include a confidentiality agreement.