Close this search box.

Governance, Risk & Compliance

SpyCloud aligns ourselves with industry-best security practices. Here, you can find information about our technical and organizational security measures.

If you don’t see the information you’re looking for, please email us at


SpyCloud hosts all production data within a secure industry leading hosting services provider, Amazon Web Services. This provider is compliant with multiple frameworks, such as SOC2 and ISO27001. The hosting provider is responsible for all physical access security for the datacenter.

All traffic coming into and leaving the production network is logged within our firewall. SpyCloud implements firewalls that restrict known malicious traffic. These logs are secured and limited to a subset of employees with read-only access. Logs are important for investigation-related materials such as forensics.

High targets, such as environment connection points to the production environment, have further logs installed on them. These logs are setup in accordance with common security standards such as read-only format to ensure that logs are remain secure.

All products assets are deployed using hardened images which consist of the most stable version of updates currently available. These images are maintained using terraform.

In the event a high or critical CVSS scored vulnerability occurs, we will triage this in accordance with our security incident response policy. SpyCloud implements a four tier grouping for vulnerabilities: Low, Medium, High, and Critical. Each category is accompanied with their own resolution times.

Anti-Virus & Anti-Malware

Within the production environment, all machines are monitored using anti-virus and anti-malware protection methods. We utilize industry-leading, centrally-managed tools. Our engineering team continuously monitors these tools, and all alerts, such as vulnerability or malicious findings,  are triaged in accordance with our Security Incident Response Plan.

In order to maintain a stable and reliable environment, SpyCloud implements backups on a regular basis. All backups are encrypted with AES256.

The production environment is secured with encryption at-rest and in-transit. Traffic is restricted to TLS 1.2 and above only. Encryption-at-rest occurs using modern and secure technologies, such as AES256.

All SpyCloud-owned assets and systems require secure access and authentication. SpyCloud implements authentication security in a variety of forms. Laptops require that all users provide a strong password or their fingerprint in order to be open.

All connections to the data center require a username, password, and a form of multi-factor authentication. Accounts are regularly reviewed as part of the continuous monitoring process. During this review, we ensure that only accounts with need-to-know responsibility have access. We perform this to align with the principles of separation of duties and least privilege.

SpyCloud uses a combination of industry leading tools  in order to maintain a secure production environment. These tools create a baseline behavior which alerts the Engineering team when deviations from normal behaviors occur.

In order to maintain a stable and secure environment, SpyCloud follows strong change management practices. All changes are tracked in a ticketing system which provides SpyCloud with crucial information regarding all changes. Prior to a change being implemented within the production environment, a series of testing occurs, including code review, quality assurance, and code scanning. All changes require multiple levels of review and approval to ensure that any production-related changes have been safely tested and approved.

Transforming recaptured data to protect your business.