GREATHORN TRUST AND SECURITY
Security isn’t just something we provide our customers – we embed it into every product we build, every business process we follow, and every interaction. Our customers rightly expect security and privacy to be vital parts of our DNA, and we invest time and effort into both meeting that expectation and making it possible to independently verify that we are living up to that promise.
“As a security company, our continuous commitment to internal information security practices, policies, procedures and operations is as vital to us as the development of our products themselves. With the completion of our SOC 2 Type 2 attestation, we have demonstrated our ability to implement and follow the strenuous controls required to meet SOC 2 standards.”
– Ray Wallace, CTO and Co-Founder, GreatHorn
SOC 2 Type 2
GreatHorn is SOC 2 Type 2 certified by KirkpatrickPrice. The SOC 2 report provides a description of GreatHorn Email Security and the company’s organization controls that meet the AICPA Trust Services relevant to Security, Availability, and Confidentiality.
A copy of our SOC 2 report is available upon request. Please contact your sales representative or account team for more details.
SOC 3 Report
In this SOC 3 report, available for download, GreatHorn demonstrates that GreatHorn Email Security and the company’s organization controls meet the AICPA Trust Services relevant to Security, Availability, and Confidentiality.
Our Commitment to Customers
In addition to the industry standards outlined above, GreatHorn is committed to privacy across all parts of our business:
- Detailed review of all data access available product-side from immutable audit log
- End-user data fully anonymized prior to storage in GreatHorn Data Cloud
- Registered with U.S. Department of Commerce
- Annual privacy review with BBB, and a commitment to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus
Fundamental Security Architecture
- No mail routing or network-level changes occur with GreatHorn
- Access is provisioned using 3-legged OAuth; client-side MFA best practices provide additional account security
- All analysis occurs within a secure, containerized, cloud-hosted environment
- Email content is analyzed in memory, never serialized to disk or across the network
- All client-identifiable metadata is stored in a single-tenant DB
- All globalized metadata is tokenized (irreversible de-identification)
Compliant, Secure, Trusted
- All data fully encrypted both in use and at rest
- Multi-factor authentication enforced across all internal accounts and services
- Least-privilege approach enforced across all personnel, processes, and systems
- All infrastructure monitored and managed with industry-leading security tooling
- Regularly conducted, third-party web and infrastructure penetration testing and analysis, in addition to internal efforts
- Company founded by team of cybersecurity veterans (@stake, CloudLock, Conjur, Courion)
- Architecture and design built using SOC-certified cloud services (Amazon Web Services, Microsoft Azure)
- Data integrations built using certified platform APIs, protected by OAuth
- Industry-leading best practices around software design and testing