Security
Security is paramount to Vurbalize's customers and to Vurbalize. Security at Vurbalize has multiple facets. Here are all the ways in which we keep security front and center in everything we do.
Penetration Testing
Vurbalize conducts thorough system checks at least once a year with industry-leading cybersecurity. Our product and cloud systems are fully open for these examinations, with the testers having access to our source code for optimal results. We make summaries of these penetration tests available in our Trust Report.
Vulnerability Scanning
Vurbalize performs vulnerability checks at crucial stages in our Secure Development Lifecycle (SDLC):
- Static analysis of code during code reviews and continuously
- Analysis of our software for known vulnerabilities
- Scanning to prevent malware in our software
- Dynamic testing of active applications
- Regular network vulnerability scanning
- Continuous monitoring of new assets that are externally facing
Enterprise Security Device Protection
Vurbalize keeps all company devices under control with mobile device management software and malware protection. We consistently monitor device security alerts. We ensure devices are set up securely, such as disk encryption, screen lock configuration, and software updates.
Vendor Security
Vurbalize evaluates vendors based on risk, considering factors such as:
- Access to customer and company data
- Integration with production environments
- Potential harm to Vurbalize's reputation
Once we identify the inherent risk, we assess the vendor's security to decide on approval.
Secure Remote Access
Vurbalize uses secure remote access to internal resources, and use malware-blocking DNS servers to protect employees and their devices while online.
Security Training
Vurbalize offers all employees robust security training, both during onboarding and annually. This training includes a mandatory live session on key security principles for all new hires. In addition, new engineers are trained in secure coding practices. Our security team regularly updates employees on threats requiring attention or action.
Identity and Access Management
Vurbalize uses Google to manage identities and access. Access to applications is based on an employee's role and is automatically revoked upon employment termination. Any additional access requires approval as per app-specific policies.
Data Privacy
Vurbalize prioritizes data privacy and aims to responsibly manage all sensitive data.
Regulatory Compliance
Vurbalize is SOC 2 compliant and continually reviews updates to regulations and evolving frameworks to refine our program.