Designed with Enterprise-Grade Security in Mind

by Ashish Jotwani, November 30, 2016

As PagerDuty continues to evolve and innovate beyond traditional incident management with new products and capabilities in digital operations management, a key area of focus has been ensuring security always remains at the heart of our platform. In order for powerful capabilities around Event Intelligence and Response Orchestration to be adopted across the enterprise, we understand that for many, security tops the long checklist of requirements.

For this reason, PagerDuty was designed with enterprise-grade security in mind. This includes everything from the design of our infrastructure to the industry regulations and standards we comply with and have been certified against, to the admin access control tools we provide.

The Infrastructure Used to Secure Your Data

PagerDuty protects data by encrypting all of it, both in transit and at rest. All server-to-server communication is secured with IPsec at the transport layer, while all data at rest is encrypted using 256-bit AES encryption across all data centers.

We employ custom firewalls on every server, as well as continuous port scanning to make sure we offer a platform that is secure to the highest standards, in addition to being highly available and reliable.

Independent Verification and Compliance Measures

The data centers we use are ISO 27001 and FISMA certified to ensure that top security measures are always in place. We also have regular security scanning and audits across critical components of our architecture by trusted independent third parties, to deliver a secure environment you can trust.

PagerDuty recently joined the Cloud Security Alliance (CSA), a highly reputable non-profit organization that promotes and provides education around cloud security best practices. Working with the CSA is an important part of our commitment to security and transparency, and PagerDuty’s security self-assessment is available on the CSA’s Security, Trust & Assurance Registry (STAR). STAR is a publicly available registry that details the security controls, assurance requirements, and maturity levels of various cloud computing services from companies like Microsoft, Amazon, Salesforce, and more.

Enterprise-Grade Access Control

Custom Permissions enable fine-grained role-based access control (RBAC) within PagerDuty to manage user-level access to Services, Schedules, and Escalation Policies. Instead of being limited to a fixed set of roles that may provide a user more access than necessary, Account Owners and Admins have the ability to create custom roles at the user level so users are granted only the permissions they need.

A role can be customized to manage how the user can interact with individual Services (and their related incidents), Schedules, and Escalation Policies, providing far more granular access control to restrict permissions. These controls are applied across the platform, including user-level API access.

This functionality allows enterprise-wide security and access control policies to be enforced through PagerDuty. Organizations can meet compliance requirements as well as increase team productivity by ensuring users can only interact with objects directly related to their role.

Please reach out to support@pagerduty.com if you are interested in enabling Custom Permissions for your account.

Learn more about PagerDuty’s enterprise-grade security and controls. With PagerDuty, you can manage your digital infrastructure end-to-end with a platform that has security architected into every layer, for a secure environment you can trust.