Network Intelligence Starts with Trust

Our team's top priority is delivering you a reliable service
built on rigorous standards of information security and privacy.

Confidentiality and Integrity

Organization of Information Security
Information Security organization at ThousandEyes is headed by the Chief Information Security Officer. His team oversees all aspects of data protection: business, physical, and technical security and privacy. This also includes audit and compliance, as well as overall risk management.
Human Resources Security
We believe information security starts with people and it's not enough to merely secure physical systems. Hence, we invest in security awareness and training for all our employees so that they are equipped with the knowledge to support our security and privacy management systems from day one.
Asset and Risk Management
All information is classified in terms of its confidentiality within a three-level data classification scheme, and we require specific security controls to be implemented accordingly. Risk assessments are required to performed on each critical information asset to verify if existing controls meet defined criteria. All customer information is classified as confidential by default and as a result, will always require the highest level of protection.
Access Control
Access to information is granted on a need-to-know basis and controlled through a managed process that addresses authorization for new access, timely access revocation when required and periodic review of access lists to critical information.
Cryptography
All crypto controls at ThousandEyes adhere to international legal regulations and restrictions and require strong key management procedures.
Physical and Environmental Security
Both data center and office space are equipped with access control and video surveillance systems with 24x7 security onsite. To be accepted by ThousandEyes, data centers must meet Tier III requirements.
Operations Security
All networks, systems and applications are securely configured, implemented and backed-up to ensure that they operate as intended. Anti-malware is deployed on all critical customer-facing systems.
Communications Security
All communication resources at ThousandEyes are used in a manner that is consistent with our ethical and business principals and have implemented relevant controls such as use of cryptography for sensitive data transmission.
System Acquisition, Development and Maintenance
Examples of our controls include penetration testing and code review as vital steps in the approval process. Furthermore, our secure software development lifecycle design and deployment methodologies are continually being enhanced to keep up with current best practices and stay ahead of the latest threats.
Third Party Services
When contracted third-parties act on our behalf, we require them to meet the same rigorous standards of security and privacy as we meet internally. This due diligence is completed as part of our vendor risk management process, which entails a comprehensive security review of the third-party organization as well as their service offering or product.
Security Monitoring and Incident Management
We constantly monitor our network, systems and applications to detect various types of events. No surprise, our own cloud monitoring solution monitors itself and other components of our technology infrastructure. When a critical event is registered, incident response plan immediately kicks in.

Resources

Efficient Vulnerability Management with Qualys
Identity Management for the Cloud Era, Part I: Challenges of User Access Management
Identity Management for the Cloud Era, Part II: AD FS Configuration
SAML-Based SSO with ThousandEyes and Okta
Shared Responsibilities for Security in the Cloud
ThousandEyes Privacy Management System

Security & Privacy

SSL