Usegate Security



Nothing is more important than the security of our customers' data.

Usegate follows security best practices so our customers can focus on their business. Usegate applies security controls at every layer, isolating customer data from threats and rapidly deploying security updates without service disruption.

Security Assessments and Compliance

Usegate's physical infrastructure is hosted and managed within Amazon's secure data centers and uses Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Data Security

HTTPS and SSL database connections are enforced to ensure sensitive data is protected when in transit.

Usegate protects customers' data at rest using server-side encryption with AWS KMS–managed keys.

Secure development practices are applied to mitigate known vulnerability types such as those on the OWASP Top 10 Web Application Security Risks.

Usegate's identity solution is powered by Auth0, a modern enterprise identity platform that offers adaptive authentication with MFA and anomaly detection.

Access to Customer Data

Usegate staff does not access or interact with customer data as part of normal operations. There may be cases where Usegate interacts with customer data at the request of the customer for support purposes or where required by law. Customer data is access-controlled, and all access by Usegate staff is accompanied by customer approval or government mandate, reason for access, actions taken by staff, and support start and end time.

Network Security

Firewalls are used to restrict access to systems from external networks. By default, all access is denied; only explicitly allowed ports and protocols are permitted, based on each system's needs.

DDoS mitigation techniques, including TCP SYN cookies and connection rate limiting, are employed.

System Security

Operating system access is limited to Usegate staff, and authentication with username, password, and MFA is mandatory.

We undergo penetration tests, vulnerability assessments, and source code reviews to assess the security of our application, architecture, and implementation.

Production system settings are stored securely in encrypted form. The settings are decrypted and loaded only when the system boots up in the production environment.

Backups

Every change to your data is backed up on secure, access-controlled, and redundant storage. Your data is restored from these backups in the event of an outage.

Employee Screening and Policies

As a condition of employment, all Usegate employees undergo pre-employment background checks and agree to company policies, including security and acceptable use policies.

Privacy

Usegate is committed to customer privacy and transparency. Usegate has a published privacy policy that clearly defines what data is collected and how it is used.