Personal data is a valuable commodity in today’s digital world. It ensures that your business thrives and expands by offering the products, services and experiences that your customers truly want, when they want them. Reflecting this tremendous value, the digital collection of personal data has never been under closer scrutiny.
Built for data-sensitive environments, Glassbox understands that the security of the data collected and stored by our customers is nothing less than critical. To deliver the peace of mind that our customers deserve, we apply four layers of security.
As accreditation for these practices, Glassbox is SOC 2 and ISO 27001 certified, ensuring the highest international standards and best practices in information security.
Policy
- Our developers work according to a Secured Software Development Life-Cycle (SSDLC) in all the development stages – planning and requirements, architecture and design, test planning, coding, testing and results, release and maintenance.
- Penetration tests and audits are performed by an external third party on a regular basis.
- We work according to FIPS 140-2 Standards.
Infrastructure
- When our customers choose to deploy Glassbox in the Cloud, each Customer gets its own isolated environment (Virtual Private Cloud).
- Application-level resources are never shared.
- All Customer data is encrypted.
Software
- Glassbox supports Single Sign-On (SSO), including SAML 2.0.
- Functionalities are enabled according to roles.
- Permissions are given per application (e.g. www.mywebsite.com/app1 vs. www.mywebsite.com/app2).
- Configuration files of the Glassbox system are encrypted on all endpoints (customer websites and mobile apps).
- Audit log – each and every change to the Glassbox system is audited.
Data & masking
- Data is encrypted at rest and in transit.
- Data can be fully omitted from transmissions, so that it never leaves the end-user device.
- Data can be masked at any level, from end-user level to system level.
- Both masking and omitting are fully customizable and can be configured according to our customers’ requirements and regulatory needs.
- Personally Identifiable Information (PII) can be completely masked and made visible only to authorized users.