Our security values
Security is a first-class citizen at Veza, considered during the design phase and carried all the way through to implementation, deployment, and operations. We embrace industry best practices including regular independent penetration testing, data-at-rest and inflight encryption, strict production access RBAC controls, complete tenant isolation and zero external access by design. Veza also consumes its own products to monitor and assure the security of its production, development, and testing environments.
We design into all our business, development, and operational processes to maintain the confidentiality, integrity, and availability of our customers’ data.
We stand ready to explain and demonstrate the safeguards we’ve implemented and meet customers’ security obligations to their customers.
Technology, regulations, and business change quickly. Veza is committed to adapting and improving our safeguards to ensure the data our customers entrust to us is always protected.
Secure on all fronts
-Regular penetration tested by 3rd parties
-Protection by firewall
-Veza-on-Veza to proactively self-monitor and assure the security of the access landscape
-Multi-Factor Authentication required for all dev environments
-Strict tenant isolation
-End to end TLS encryption for the data pipeline
-Zero external access beyond published APIs
-Review and vulnerability scan for source code
-Vulnerability scan for product before deployment
-Full auditing of all activity
-Severely restricted least-privilege RBAC operational access
-Security training for all employees
SOC 2 Type II
Veza is both SOC 2 Type I and SOC 2 Type II compliant, demonstrating our dedication to security and compliance across the organization, processes, people, and technology.