Lumigo is committed to following the highest security standards and, as such, we have incorporated best practice security methodologies into all aspects of our platform and internal processes.
Founded by former executives from Check Point Software Technologies, Lumigo’s veteran security team possesses unrivaled knowledge and expertise in enterprise-level cloud security.
Lumigo’s backend is hosted on Amazon Web Services cloud. Our architecture is regularly reviewed and monitored by internal and external experts to verify its security, integrity and robustness.
As an APN Advanced Technology Partner, Lumigo has attained the highest tier of technological partnership with AWS, and as such passed rigorous tests and reviews by AWS experts.
Lumigo is HIPAA compliant, and as such adheres to exacting standards to ensure the secure and private handling and transmission of Protected Health Information. To meet this standard, the company has undergone ISO 27799 auditing and certification.
Lumigo is ISO 27001 certified, and is required to undergo an annual auditing process by a qualified independent party to ensure that it maintains a comprehensive suite of information security controls.
Lumigo has achieved CSA STAR Level 1 certification from the Cloud Security Alliance (CSA). The STAR Certification is an internationally recognized cloud security certification program, jointly developed by CSA and BSI, that specifies comprehensive and stringent cloud security requirements for software vendors.
Lumigo collects necessary data from the customer’s environment and relays it to the Lumigo backend over HTTPS (TLS 1.2).
Authentication and access management from the Lumigo connector to the Lumigo backend are handled using unique tokens in order to ensure complete segregation between customers.
Within the Lumigo backend, all resource access is secured using IAM roles with the minimum set of permissions, following AWS best practices. Both the runtime data and the logs and metrics collected are controlled (and can be turned off at any time) by the customer, although most prefer to leave them on in order to get a complete picture of their system.
All aggregated data is saved for a period of no longer than one year. Lumigo customers have the right to specify if they wish to shorten the data retention period.
Lumigo’s infrastructure and collected data are hosted entirely on AWS cloud, with no servers or network equipment at the physical Lumigo offices. AWS Data Centers are subject to strict physical and environmental controls, and stringent access restrictions.
You can find out more about the physical security of AWS Data Centers here.
As a company that places the utmost importance on privacy, protecting the integrity of our customers in the GDPR era is very important to us. Lumigo follows GDPR guidelines as a data processor for services provided to our customers and can make its Data Processing Addendum (DPA) available for execution on request. In addition, we are committed to helping our customers with their GDPR compliance processes by providing robust privacy and security protections built into our services and contracts.
Request our GDPR whitepaper by getting in touch at email@example.com
Lumigo is accredited with the EU/Swiss-US Privacy Shield Certification, which requires strict compliance with a set of privacy principles established by the American Department of Commerce in conjunction with the European Union. Read the Privacy Shield Notice.
If you have any further questions or would like to receive additional information on Lumigo’s Security, Privacy or GDPR readiness, please contact us at firstname.lastname@example.org.