Security and Privacy
Joe Security takes security and data privacy very serious. You decide about the deployment model, Cloud or On-Premise and you decide how long something is stored. Apart from Cloud Basic, our community service, Joe Security does not share or use any of your data.
Customer Data Protection
- Logical or physical Tenant Separation
- Encryption In-Transit (TLS 1.2, SSL Labs Grad A)
- Encryption At Rest (AES-128 or AES-256)
Customer Data Control
- Configurable Data Retention (1 – 30 days max)
- Secure deletion at any time (manual or via API)
- Encryption of Analyses with Customer-provided passwords
Cloud Security
- Redundant Infrastructure (Cloud Pro)
- DDOS Protection & WAF
- SSO, 2FA and security log
- Vulnerability Scanning
Application Security
- Annual Penetration Testing
- Vulnerability Scanning
Compliance
- Joe Security is fully ISO 27001 certified
- All Data Centers are ISO 27001 certified and located in Europe
- GDPR compliant (DPA available)
Data Privacy
- No sharing of analysis reports with third parties
- No sharing of samples, IOCs or other artifacts with third parties
- No use of IOCs for threat intelligence or feeds