With years of experience at the cutting edge of cloud security, you can depend on the Lumigo team to protect the integrity of your data.
Founded by former executives from Check Point Software Technologies, Lumigo’s approach to security is informed by an unrivaled knowledge of enterprise-level cloud security. And we’ve put that expertise into practice by ensuring that we set the highest standards for security and privacy when it comes to our platform and internal processes.
Lumigo is HIPAA compliant, and so adheres to exacting standards to ensure the secure and private handling and transmission of Protected Health Information.
To meet this standard, the company has undergone ISO 27799 auditing and certification.
Lumigo is ISO 27001 certified. This requires us to undergo an annual auditing process by a qualified independent party to ensure that we maintain a comprehensive suite of information security controls.
Lumigo has successfully completed a System and Organization Controls (SOC) 2 Type II audit performed by Ernst & Young, LLP (EY).
Lumigo prioritizes data protection, control, and compliance with applicable privacy regulations.
Lumigo’s infrastructure, and the data we collect, is hosted entirely on the Amazon Web Services (AWS) cloud, whose data centers are subject to strict physical and environmental controls and stringent access restrictions. We do not house any servers or network equipment at the Lumigo offices. As an APN Advanced Technology Partner, Lumigo has also had its architecture reviewed and approved by the AWS team.
Lumigo collects necessary data from the customer’s environment and relays it to the Lumigo backend over HTTPS (TLS 1.2).
Authentication and access management between the Lumigo connector and the Lumigo backend is handled with unique tokens, ensuring complete segregation between customers.
Within the Lumigo backend, all resource access is secured with IAM roles granted the minimum set of permissions, following AWS best practices. The collection of runtime data, logs, and metrics is controlled by the customer and can be turned off at any time, although most customers prefer to leave it on to get a complete picture of their system.
All aggregated data is retained for no longer than one year, and customers may specify a shorter data retention period if they wish.
Protecting our customers’ data in the GDPR era is very important to us. Lumigo follows GDPR guidelines as a data processor for the services provided to our customers, and we can make our Data Processing Addendum (DPA) available for execution on request. In addition, we are committed to helping our customers with their GDPR compliance processes by building robust privacy and security protections into our services and contracts.