Working in Amazon Web Services
ChurnZero is wholly hosted in the Amazon Web Services Public Cloud (AWS). All AWS security best practices are adhered to. ChurnZero employs a least access security methodology. Users with access to the platform are given the minimum level of access required for their job function, and access is audited every 90 days.
DevOps User Access
Encryption In Transit
Encryption At Rest
Malware and Virus Scanning
Customer data may only be accessed through the application layer. Whether this access is through the user interface or through the publicly available API, it enforces user access controls to regulate access to customer data only to authorized users. As such, ChurnZero does not provide direct access to any database. This approach prevents unauthorized services or systems from accidentally or maliciously retrieving or modifying customer data.
Role Based Access Control
User Session Expiration
Continuous Security Monitoring
The ChurnZero application stack is continuously monitored for vulnerabilities and anomalies. We work with industry leaders like AlienVault, Detectify and Datadog to have deep, real-time visibility across our infrastructure in order to maintain continuous security for our customers and their data.
- Alerting on suspicious network activity such as command and control connections out of the environment and external scans into the environment,
- Alerting on API calls to the infrastructure which do not follow cloud infrastructure best practices, in all aspects of AWS services, including data services, serverless computing services and compute services,
- Auditing our infrastructure daily to ensure it adheres to AWS security best practices,
- Alerting upon discovery of vulnerable packages on the workload and providing CVE (Common Vulnerability and Exposures) information.
With breach detection based on behaviors, we minimize the time that our team needs to spend on identification, analysis of the incident, and process and reporting post-security alerts or incidents.
All systems in the ChurnZero Application are highly available. All critical systems have a redundant pair that lives in at least 1 additional availability zone.
All critical data is copied on a nightly basis to another region in the same continent. ChurnZero Site Operations also maintains a DR by code infrastructure that can be spun up in another region to quickly restore systems and services in the event of a declared disaster.
Continuous Vulnerability Scans
ChurnZero continuously scans for the hundreds of database and web application hacker vulnerabilities, including the OWASP Top 10.
Periodic Penetration Tests
ChurnZero has yearly third-party vulnerability and penetration testing.
All customer data is deleted within 90 days of contract expiration.
ChurnZero is a certified green company. To earn GreenSpaces certification, companies are required to obtain an accurate carbon assessment, take action to reduce their environmental impact, and exercise transparency around all climate activity.
Access to Additional Resources
To gain access to additional security resources , please contact your Customer Success Manager (if you are a customer) or your Account Executive (if you are a prospective customer). Our team will get back to you with the details.