Platform Security

Get Peace of Mind With Top-Grade Platform Security

Sumo Logic Platform Security

Third parties can be a boon to your cybersecurity efforts, or they can be the weak link in an otherwise secure operation. That’s why companies must stay alert to platform security considerations when choosing their partners—and ensure their data remains in capable hands—with vendors who take platform security seriously. Sumo Logic security applies best-in-class technologies and a rigorous process to put the safety of your data first.

Security Background and Culture

Sumo Logic has been a platform security-minded operation from day one. The company was founded by veterans of the IT security sector who understand the crucial need to put security first in every step of the development lifecycle. The platform security team takes a fundamental role in the development of our log management and analytics software, and stays closely involved in the specifications process, coding, code review, user acceptance, and operations.

Some key indicators of Sumo Logic’s platform security commitment include:

  • Whole-disk encryption
  • Access controls at per-thread granularity
  • Whitelisting of individual processes, users, ports, and addresses
  • AES 256 encryption
  • Regular penetration tests and vulnerability scans
  • A strong Secure Development Lifecycle (SDLC)

Compliance and Certifications

Compliance attestations and certifications speak to vendors’ commitment to data security. Sumo Logic currently holds the following:

  • SOC 2, Type 2 attestation
  • Attestation of HIPAA compliance
  • FIPS-140 compliance
  • PCI DSS 3.1 Service Provider Level 1 certification

We work with our CPA partners on an ongoing basis to maintain compliance and add relevant certifications to the list.

Physical Security

In cybersecurity, the importance of physical protections can’t be overstated. That’s why Sumo Logic operates in ISO-certified data centers with PCI DSS Service Level 1 compliance.

Only key personnel know the location of our physical data centers, which are protected 24/7 by armed guards, video surveillance, and biometric access controls.

Logical Data Separation and Encryption

Sumo Logic keeps data logically separate on various layers throughout our service. We tag all data per organization, throughout the lifecycle, and enforce tagging at all layers.

No data is transmitted to Sumo Logic without encryption. Within the Sumo Logic system, AES 256-bit encryption protects all data at rest. All spinning disks are encrypted at the OS level. All data is kept for long-term storage in Amazon’s Simple Storage Service, encrypted per a customer key that is changed every 24 hours.

User-Level Security

The security of user accounts is a priority for Sumo Logic services. On account creation, the service automatically creates and issues a strong temporary password, which must be reset upon first login. We maintain stringent password standards that users see in a password dialog, which also urges users to use a password that does not match any of their existing passwords.

After logging in and changing the temporary password, customers download Sumo Logic’s collector software. To securely register the collector, a customer must provide the one-time collector registration ID that the collector will generate upon installation.

When a user authenticates to a Sumo Logic security service, a highly secure session-ID tracking mechanism ensures that only an authorized user initiates requests.

Finally, Sumo Logic’s Role Based Access Control (RBAC) features allow our customers to set per-user permissions to all of their data from their Sumo Logic console.

Node Security

The Sumo Logic production system consists of many individual nodes running as a cluster. Each of these nodes is a hardened and well-protected system at the network and application layers.

Each cluster node is booted with the latest, up-to-the-minute security releases of Ubuntu Maverick, and security updates are installed as they become available. All OS, application, and security logs from each of the cluster nodes are fed into a separate copy of the Sumo Logic environment for analysis.

Each node in the cluster also runs a default-deny firewall and the Snort Intrusion Detection System.

Access to Data by Sumo Logic

Only Sumo Logic employees with a validated need for access may access the production cluster, and they can only achieve this using a highly secured two-factor authentication system.

Testing Program

Critical to platform security is regular testing, including penetration testing and scanning. The Sumo Logic Security team runs daily scans of all new servers. On a weekly basis, we run fully credentialed scans of every new build. Every quarter, we run ASV scans, and penetration testers go to work on our platform every six months.

Trusting the Sumo Logic Platform

Security is our highest priority at Sumo Logic, and earning your trust is our top goal. Learn more about:

Many high-profile companies, including members of the Fortune 500, trust Sumo Logic for security and compliance operations. Clients include Acquia, The Washington Post, Delta Air Lines, Twitter, and Ulta Beauty.
