Sumo Logic’s Platform Security
Third parties can be a boon to your cybersecurity efforts, or they can be the weak link in an otherwise secure operation. That's why companies must stay alert to platform security considerations when choosing their partners, and keep their data in capable hands by working with vendors who take platform security seriously. Sumo Logic's security program applies best-in-class technologies and a rigorous process to put the safety of your data first.
Security Background and Culture
Sumo Logic has been a platform security-minded operation from day one. The company was founded by veterans of the IT security sector who understand the crucial need to put security first in every step of the development lifecycle. The platform security team plays a fundamental role in the development of our log management and analytics software, and stays closely involved in the specification process, coding, code review, user acceptance, and operations.
Some key indicators of Sumo Logic’s platform security commitment include:
- Whole-disk encryption
- Access controls at per-thread granularity
- Whitelisting of individual processes, users, ports, and addresses
- AES 256 encryption
- Regular penetration tests and vulnerability scans
- A strong Secure Development Lifecycle (SDLC)
Compliance and Certifications
Compliance attestations and certifications speak to vendors’ commitment to data security. Sumo Logic currently holds the following:
- SOC 2, Type 2 attestation
- Attestation of HIPAA compliance
- FIPS-140 compliance
- PCI DSS 3.2 Service Provider Level 1 certification
We work with our CPA partners on an ongoing basis to maintain compliance and add relevant certifications to the list.
In cybersecurity, the importance of physical protections can’t be overstated. That’s why Sumo Logic operates in ISO-certified data centers with PCI DSS Service Level 1 compliance.
Only key personnel know the location of our physical data centers, which are protected 24/7 by armed guards, video surveillance, and biometric access controls.
Logical Data Separation and Encryption
Sumo Logic keeps data logically separate on various layers throughout our service. We tag all data per organization, throughout the lifecycle, and enforce tagging at all layers.
No data is transmitted to Sumo Logic without encryption. Within the Sumo Logic system, AES 256-bit encryption protects all data at rest. All spinning disks are encrypted at the OS level. All data is kept in long-term storage in Amazon's Simple Storage Service, encrypted with a per-customer key that is rotated every 24 hours.
The security of user accounts is a priority for Sumo Logic services. On account creation, the service automatically creates and issues a strong temporary password, which must be reset upon first login. The password dialog displays our stringent password standards and also urges users to choose a password that does not match any of their existing passwords.
After logging in and changing the temporary password, customers download Sumo Logic’s collector software. To securely register the collector, a customer must provide the one-time collector registration ID that the collector will generate upon installation.
Once a user has authenticated to a Sumo Logic service, a highly secure session-ID tracking mechanism ensures that only that authorized user can initiate requests within the session.
Finally, Sumo Logic's Role-Based Access Control (RBAC) features allow our customers to set per-user permissions on all of their data from their Sumo Logic console.
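The logical separation described above (every record tagged per organization, with the tag enforced at every layer) and the per-user RBAC just mentioned are easiest to reason about in code. The following is an added illustration, not Sumo Logic's own code or a description of its internals: a toy three-layer log store in which the ingest layer stamps each record with the organization its collector registered under, the storage layer partitions by that tag, and the query layer takes the caller's organization and role from the authenticated session rather than from the request, so a cross-tenant read or an over-privileged action fails closed and is written to an audit trail. The class and function names (`Session`, `LogStore`, `demo`), the role names, and the sample log lines are all constructed for the example.

```python
"""Tenant tagging enforced at ingest, storage and query layers (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


class AccessDenied(Exception):
    """Raised when a request would cross an organization boundary or exceed a role."""


@dataclass(frozen=True)
class Session:
    """What the authentication layer established; the request body never supplies these."""
    user: str
    org_id: str
    role: str  # hypothetical roles: "admin" may search and delete, "analyst" may only search


@dataclass
class LogStore:
    # Storage layer: one partition per organization tag.
    _partitions: Dict[str, List[dict]] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    # --- ingest layer -------------------------------------------------
    def ingest(self, collector_org: str, message: str) -> dict:
        """Stamp the record with the org the collector registered under.

        The tag comes from the collector's registration, never from the payload,
        so a log line cannot re-tag itself into another tenant."""
        record = {"org_id": collector_org, "message": message}
        self._partitions.setdefault(collector_org, []).append(record)
        return record

    # --- query layer --------------------------------------------------
    def search(self, session: Session, org_id: str, needle: str) -> List[str]:
        """Search one tenant; the requested org must equal the session org, and every
        returned record is re-checked against its own tag (defense in depth)."""
        self._require(session, org_id, allowed_roles=("admin", "analyst"))
        hits = [r for r in self._partitions.get(org_id, []) if needle in r["message"]]
        # Even if a partition were mis-filed, a record with a mismatched tag is never returned.
        return [r["message"] for r in hits if r["org_id"] == session.org_id]

    def delete_all(self, session: Session, org_id: str) -> int:
        """Destructive operation restricted to the tenant's own admins."""
        self._require(session, org_id, allowed_roles=("admin",))
        removed = len(self._partitions.get(org_id, []))
        self._partitions[org_id] = []
        return removed

    def _require(self, session: Session, org_id: str, allowed_roles: Tuple[str, ...]) -> None:
        """Central check: organization boundary first, then role; both denials are audited."""
        if org_id != session.org_id:
            self.audit.append(f"DENY cross-org user={session.user} from={session.org_id} to={org_id}")
            raise AccessDenied("organization mismatch")
        if session.role not in allowed_roles:
            self.audit.append(f"DENY role user={session.user} role={session.role}")
            raise AccessDenied("insufficient role")


def demo() -> dict:
    """Run the three layers on constructed sample data and report each outcome."""
    store = LogStore()
    store.ingest("org-a", "sshd: Accepted publickey for alice")
    store.ingest("org-a", "sshd: Failed password for root")
    store.ingest("org-b", "sshd: Failed password for admin")

    analyst_a = Session(user="alice", org_id="org-a", role="analyst")
    admin_b = Session(user="bob", org_id="org-b", role="admin")

    results = {"own_hits": store.search(analyst_a, "org-a", "Failed")}
    try:
        store.search(analyst_a, "org-b", "Failed")  # read against another tenant's tag
        results["cross_org"] = "allowed"
    except AccessDenied:
        results["cross_org"] = "denied"
    try:
        store.delete_all(analyst_a, "org-a")  # analyst lacks the admin role
        results["analyst_delete"] = "allowed"
    except AccessDenied:
        results["analyst_delete"] = "denied"
    results["admin_delete"] = store.delete_all(admin_b, "org-b")
    results["audit_entries"] = len(store.audit)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the tenant tag and the role are bound to the session at authentication time and checked in one place, so no request parameter can widen what a caller sees; the second tag check on the way out of `search` is the "enforce at all layers" idea, catching a mis-filed record even if the partition lookup were wrong.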
The Sumo Logic production system consists of many individual nodes running as a cluster. Each of these nodes is a hardened and well-protected system at the network and application layers.
Each cluster node is booted with the latest security releases of Ubuntu 14.04 LTS, and security updates are installed as they become available. All OS, application and security logs from each of the cluster nodes are fed into a separate copy of the Sumo Logic environment for analysis.
Each node in the cluster also runs a default-deny firewall and the Snort Intrusion Detection System.
Access to Data by Sumo Logic
Only Sumo Logic employees with a validated need for access may access the production cluster, and only through a highly secured two-factor authentication system.
Critical to platform security is regular testing, including penetration testing and scanning. The Sumo Logic Security team runs daily scans of all new servers. On a weekly basis, we run fully credentialed scans of every new build. Every quarter, we run ASV (PCI Approved Scanning Vendor) scans, and penetration testers go to work on our platform every six months.
Trusting the Sumo Logic Platform
Security is our highest priority at Sumo Logic, and earning your trust is our top goal. Learn more about: