Trust & Security

Veza is the identity security platform for the modern enterprise

Sign up for a free trial

Our security values

Security is a first-class citizen at Veza, considered during the design phase and carried all the way through to implementation, deployment, and operations. We embrace industry best practices including regular independent penetration testing, data-at-rest and inflight encryption, strict production access RBAC controls, complete tenant isolation and zero external access by design. Veza also consumes its own products to monitor and assure the security of its production, development, and testing environments.

Establish Trustworthiness

We design into all our business, development, and operational processes to maintain the confidentiality, integrity, and availability of our customers’ data.

Demonstrate Trustworthiness

We stand ready to explain and demonstrate the safeguards we’ve implemented and meet customers’ security obligations to their customers.

Deepen Trustworthiness

Technology, regulations, and business change quickly. Veza is committed to adapting and improving our safeguards to ensure the data our customers entrust to us is always protected.

Dave Farrow, VP, Information Security, Barracuda Networks
From a security best practice perspective, the principle of least privilege is understood as a core need. And in order to implement the principle of least privilege, you have to be able to see who has privilege to what, and be able to continuously manage that. That's what we get with Veza.
Dave Farrow | VP, Information Security, Barracuda Networks
View the case study

Secure on all fronts

SaaS Security

-Regular penetration tested by 3rd parties
-Protection by firewall
-Veza-on-Veza to proactively self-monitor and assure the security of the access landscape
-Multi-Factor Authentication required for all dev environments
-Strict tenant isolation

Platform Security

-End to end TLS encryption for the data pipeline
-Zero external access beyond published APIs

Product Security

-Review and vulnerability scan for source code
-Vulnerability scan for product before deployment

Operational Security

-Full auditing of all activity
-Severely restricted least-privilege RBAC operational access
-Security training for all employees

SOC 2 Type II

Veza is both SOC 2 Type I and SOC 2 Type II compliant, demonstrating our dedication to security and compliance across the organization, processes, people, and technology.

ISO 27001

ISO 27001 certification demonstrates Veza’s commitment to implementing and maintaining an effective information security management system. Veza’s ISO certification can be verified at Schellman

Learn More

Case Study

FinTech leader conducts faster, easier access reviews for PCI DSS and ISO 270001

Learn More

Cheat Sheet 5 Best Practices for Securing Data in a Multi Cloud Environment thumbnail
Cheat Sheet

5 Best Practices for Securing Data in a Multi-Cloud Environment

Learn More

Ready to learn more about Veza’s Access Control Platform?