Log Data Security at Every Stage

Security DNA

Securing customer data is not only an imperative at Sumo Logic, it’s in our DNA. The company’s heritage is steeped in security culture. Our founders and employees are veterans of some of the most respected security companies in the industry.

Our focus on security is embedded throughout the Sumo Logic platform, which is designed from the ground up as a secure, highly available, massively scalable multi-tenant log management and log data analytics platform. All user interactions use EV SSL Certificates for secure communications between a browser and the Sumo Logic service, and all log data is sent through SSL-encrypted sessions.

At rest, all log data is securely separated by customer in a highly available data store and encrypted using customer-specific rotating keys.

The Sumo Logic log management service consists of multiple clusters with individual nodes. Each node is maintained in a hardened and well-protected system at the network and application layers.

Access to the production cluster is allowed only to Sumo Logic employees who need to access the service, and only through a highly secure two-factor authentication mechanism that uses centrally managed and tracked IronKeys.

Security Certifications / Examinations

  • Successful completion of the SOC 2 examination. Completion of the SOC 2 Type 1 examination follows a thorough review of Sumo Logic’s security architecture, business processes and policies.
  • Successful completion of Health Insurance Portability and Accountability Act (HIPAA) Type 1 attestation examination, validating that the company’s log management and analytics service meets the stringent data security requirements of federal healthcare regulations.
  • US-EU Safe Harbor certification
  • PCI, FISMA, ISO 27001, and FIPS 140-2 certification for all data centers running the Sumo Logic service

The examination and service auditing were performed by an independent CPA firm, BrightLine CPAs & Associates, Inc.