7 Layers of Security
How SUMO continually covers all potential security vulnerabilities.
SUMO applications are hosted on the Salesforce.com and Amazon AWS platforms and are maintained with a 100% uptime guarantee. We use multiple Tier 3+ datacenters to offer high performance and availability. Our infrastructure is classified with military grade security to guarantee our technology is protected against potential threats.
- Consistent firmware updates and security patches.
- Third-party security experts perform periodic penetration testing.
- Near real-time data replication to multiple geographies.
- Highly resilient DNS design.
Furthermore, your data is fully protected at the source data center level, by Salesforce and Amazon, with tightly controlled physical access. All regional data centers include layers of defense-in-depth security, which include, but are not limited to: secure entrances, video cameras, security personnel, real-time communication networks, and perimeter fencing.
During the development phase, we follow internal guidelines based on ASVS throughout the development lifecycle and at code review. At release time, our QA and software engineering teams conduct security and vulnerability testing, including running various code scanners (Checkmarx, ZAP, and more).
We’ve also put a ton of security features in the hands of our customers, enabling you to protect your account and enforce security policies. These tools include two-factor authentication, account lockout, password policies, session timeout configurations, field-level security, data-level security, automated full data backup features, and more.
Our security program includes protecting the integrity, privacy, and availability of all data processed through our services. We maintain vital technical safeguards to continually ensure your data is protected.
The only data SUMO stores using our Public API are free/busy appointment availability and user IDs, which cannot be used to identify a SUMO user’s real contact details. Furthermore, the SUMO cloud platform uses “HTTPS only”, which means all data in transit uses TLS 1.0 (and higher) encryption. In cases where HTTP is used, visitors are automatically redirected to a secure connection. As a result, customer data is always encrypted in transit.
IMPORTANT: The SUMO Calendar API only accesses basic calendar data, such as free/busy information, that is necessary to provide real-time availability during scheduling. SUMO does not read or sync all of your users’ private calendar appointment data. Only the official trusted APIs are used to check free/busy status in real-time. Busy times from your calendar are cached for performance, and SUMO only saves event start and end times. This ensures that sensitive event details (such as Subject, Description, and Attendees) never reach our database and are never stored in it.
SUMO uses Salesforce’s and Amazon’s infrastructure technology to constantly monitor and protect our system. Our system collects and aggregates non-sensitive log data from our multiple servers, which is constantly analyzed for threats or vulnerabilities. Our staff is immediately alerted if any potential issues are detected, which allows us to proactively resolve any vulnerabilities before they are exploited.
Once hired, our employees are required to attend mandatory Security and Privacy training on an ongoing basis. We offer an option to get our customers up and running without ever accessing your private customer data. However, you may choose to grant our employees access to your production data on a case-by-case basis. Finally, when an employee’s relationship with SUMO is terminated, we immediately follow a thorough process, which includes revoking any access to SUMO systems.