Trust Center > Security

PLATFORM

Security


We maintain security of our systems and operations on a daily basis.

SUMO is trusted by industry leaders, due in part to the comprehensive infrastructural and application level security measures we consistently maintain.  We don’t stop here, however.  Our dedication to security includes operations and corporate policies.

7 Layers of Security

How SUMO continually covers all potential security vulnerabilities.

Infrastructure Security

SUMO applications are hosted on the Salesforce.com and Amazon AWS platforms and are maintained with 100% uptime guarantee.  We use multiple Tier 3+ datacenters to offer high performance and availability.  Our infrastructure is classified with military grade security to guarantee our technology is protected against potential threats.

  • Consistent firmware updates and security patches,
  • Third-party security experts perform periodic penetration testing.
  • Near real-time data replication to multiple geographies.
  • Highly resilient DNS design.

Furthermore, your data is fully protected at the source data center level, by Salesforce and Amazon, with tightly controlled physical access.  All regional data centers include layers of defense-in-depth security, which includes, but is not limited to: secure entrances, video cameras, security personnel, real-time communication networks, and perimeter fencing.

Application Security

The SUMO platform is continually architected with security in mind.  At the application layer, our software engineering leaders ensure best practices, such as OWASP, are followed to properly design and code the software to meet the most strict security standards.   The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls. It provides developers with a list of requirements for secure development.

During development phase, we follow internal guidelines based on ASVS during the development lifecycle and upon code review.  At release time, our QA and software engineering teams conduct security and vulnerability testing, including running various code scanners Checkmarx, Zap, and more.

We’ve also put a ton of security features in the hands of our customers, enabling you to protect your account and enforce security policies.  These tools include two-factor authentication, account lockout, password policies, session timeouts configurations, field level security, data level security, automated full data backup features, and more.

Data Security

Our security program includes protecting the integrity, privacy, and availability of all data processed through our services.  We maintain vital technical safeguards to continually ensure your data is protected. 

The only data SUMO stores using our Public API are free/busy appointment availability and user IDs, which can not be used to identify a SUMO user’s real contact details.  Furthermore, the SUMO cloud platform uses “HTTPS only”, which means all data in transit uses TLS 1.0 (and higher) encryption.  In cases where HTTP is used, visitors are automatically redirected to a secure connection.  As a result, customer data is always encrypted in transit.

Calendar Security

At the heart of SUMO is a Calendar API, which offers a secure server-to-server connection to the major calendar platforms on the market, including Microsoft and Google Calendar.   The SUMO Calendar API uses the secure industry standard OAuth 2.0 authentication protocol.

IMPORTANT: The SUMO Calendar API only accesses basic calendar data such as free/busy information, necessary to provide real-time availability during scheduling.  SUMO does not read or sync all of your users private calendar appointment data.  Only the official trusted APIs are used to check free/busy status in real-time. Busy times from your calendar are cached for performance, and SUMO only saves event start and end times. This ensures that sensitive event details (such as Subject, Description, and Attendees) never reach or are stored in our database.

System Security

The SUMO architecture is a multi-tenant environment that ensures no cross-pollination of customer data, while offering maximum performance and economies of scale.  All data is routinely backed up at the server level and proper disaster recovery protocols are followed.

SUMO uses Salesforce and Amazons infrastructure technology to constantly monitor and protect our system.  Our system collects and aggregates non-sensitive log data from our multiple servers, which is constantly analyzed for threats or vulnerabilities. Our staff is immediately alerted if any potential issues are detected, which allows us to proactively resolve any vulnerabilities before they are exploited.

Organizational Security

At SUMO, we understand that security protocols are only as strong as the people who maintain them.  For this reason, we are extremely diligent in hiring experienced employees to manage the company’s security program.  This involves comprehensive upfront role and process definitions, as well as ongoing audits and process improvements.  Further, we conduct background checks and require every single employee to hire confidentiality, privacy, and information security policies.

Once hired, our employees are required to attend mandatory Security and Privacy training on an ongoing basis.  We offer an option to get our customers up and running without ever accessing your private customer data.  However, you may choose to grant our employees access to your production data on a case-by-case basis.  Finally, when an employees relationship is terminated with SUMO, we immediately follow a thorough process, which includes revoking any access to SUMO systems.

Security Bounty Program

Finally, we have a Security & Bug Bounty Program where we incentivize our customers and partners to report any security vulnerabilities or product defects they uncover.  We find this to be a great way to encourage everyone to play a role in ensuring SUMO constantly meets the highest standards in the marketplace.

Report a Security Concern

Found a security issue?  Contact us – remain anonymous if you prefer.

What are customers saying?

 

SUMO rescued us from manual processes!

SUMO helped us automate our advising session scheduling process with approximately 1200 students a year. Before SUMO we had to do this manually, a process that was time-consuming and subject to error. The seamless interaction between SUMO and Salesforce enables us to quickly send appointment invites, and easily know when a student has scheduled an appointment. The outward-facing interface is also very user-friendly which makes it easy for our students to schedule their appointments. 

We have worked with Sumo for outward-facing processes for 5 years now and would highly recommend Sumo to anyone looking for a great appointment scheduling solution that is natively built in Salesforce.

Rebeca Lamadrid

VP, Operational Effectiveness, The Washington Center

Great app for productivity & scheduling

I've managed our relationship with SUMO from implementation to today and can say that it's been such a huge benefit to our organization. As a growing nonprofit that places a high priority on leveraging technology to allow our direct service providers ways to do their jobs, SUMO was a natural fit for us. The implementation process was seamless as their team was always available and very easy to work with. We're now able to more easily set up and manage user schedules. And our favorite feature has been the self-scheduler which has completely streamlined the scheduling process for follow up appointments with clients.

Ashley Jones

Associate Director - Salesforce, Neighborhood Trust Financial Partners

SUMO Rocks!

We use SUMO to schedule appointments with clients for certifications and client success appointments. The self-scheduling tool works every time and we have implemented wild card appointments to maximize our availability. We highly recommend SUMO due to the superior customer service and support! The level of support we receive goes above and beyond. Thank you SUMO for your support!

Greg Thatcher

IT Manager, Five Star Professional

This App has completely changed our processes

The amount of appointments that we are able to make has increased by over 70%. My agents no longer have to play the game of back and forth to try to find a time that works for both parties. This app has been a game-changer for our organization. My agents are now able to concentrate on other clients and communications knowing that they can send the scheduling message and the client is able to self serve.

Kerry Hoisington

Director of Customer Experience, Careerstep

Sophisticated, easy-to-use appointment tool

I've worked with SUMO on several engagements-they've always been very collaborative and customer-focused. Their appointment scheduler is robust and technically scalable, and the have strong online support. Happy to report positive experiences with them.

Jim Gilbert

Salesforce Consulting Director, Huron Consulting

Takes the headaches out of scheduling appointments!

This tool has helped our students schedule appointments with our reps at a time that is convenient for them. It has really helped us spend our time on the right students. Other great bells and whistles and smooth implementation!

Taylor Neece

Dean of Admissions, California Baptist University

Ready to meet SUMO?