
Our Commitment to Security

At Posture, we believe in security, privacy, transparency, and trust. You own your data, but you entrust us to protect it. As a result, we are transparent about the technical details, infrastructure, and architecture used for our platform. Our goal is to make you feel comfortable when you use our products. We know that security, reliability, confidentiality, and integrity are paramount; that’s why we’d like to tell you a bit about how we ensure it.

    Data Protection

    Posture has designed our system to treat all customer data as vital. Our data protection includes, but is not limited to:

    Cloud-Hosted Service

    Posture uses Amazon Web Services (AWS) as our hosting provider. AWS is the gold standard for thousands of companies worldwide, and we use AWS’ best-in-class infrastructure to ensure your data is available and secure.

    Three-Tier Architecture

    Posture’s platform was built by separating the application into three tiers: web, application, and data. Each tier runs on its own infrastructure, can be developed independently, and can be updated or scaled as needed without impacting the other tiers.

    Encryption at Rest and in Transit

    All customer data is encrypted at rest using industry-accepted tools, standards, and best practices for the services we leverage. Data in transit is encrypted using the TLS 1.2 protocol.

    Physical Security

    AWS data centers are secure by design and have constant monitoring and logging. AWS provides physical data center access only to approved employees.

    Vulnerability Management & Testing

    A chain is only as strong as the weakest link. That’s why Posture continuously reviews the security of the Posture platform, applications, and applied best practices.

    Penetration Testing and Vulnerability Assessments

    Posture uses its own internal certified penetration and vulnerability assessment/testing teams. Findings from each assessment are reviewed with the assessors, then risk ranked and assigned to the responsible team. Vulnerabilities are treated with the highest priority at Posture and are dealt with in a timely manner.

    Posture Application Security

    We undergo penetration tests, vulnerability assessments, and source code reviews to assess the security of our application, architecture, and implementation. Our security assessments cover all areas of our platform, including testing for OWASP Top 10 web application vulnerabilities and customer application isolation.

    System Configuration

    System configuration and consistency are maintained via standard, up-to-date images, configuration management software, and the updating and replacement of deployments. Before deployment, images are refreshed with the latest configuration changes and security updates.

    Data Privacy & Compliance

    Posture is a chief user of our own platform, and we hold ourselves to the highest standards.

    Privacy

    Posture takes steps to protect the privacy of our customers and protect data stored within the platform. Posture has a published Privacy Policy that clearly defines which data is collected and how it is used.

    Access to Customer Data

    Posture staff, as part of normal operations, do not access or interact with customer data or applications. Posture may interact with customer data or applications at the customer’s request for support purposes, or where required by law. Access to customer data is controlled, and every access by Posture staff is recorded together with the customer approval or government mandate, the reason for access, the actions taken by staff, and the start and end times of the support session.

    Employee Checks

    All Posture employees undergo pre-employment checks and agree to company policies, including security policies and policies for acceptable use.

    Security Awareness Training

    Posture employees are required to attend security training and receive additional security training monthly.

    Data Centers

    Amazon undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

    PCI

    We use the PCI compliant payment processor Stripe for encrypting and processing credit card payments. Posture’s infrastructure provider is PCI Level 1 compliant.

    Continuous Monitoring & Incident Response

    Backups

    Posture uses Amazon S3 to deploy the Posture web platform. The Amazon S3 platform automatically creates backups as part of the deployment process on secure, access-controlled, and redundant storage. We use these backups to deploy our applications across our platform and to automatically bring your application back online in the event of an outage.

    Port Scanning

    Port scanning is prohibited, and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped, and access is blocked.

    Firewalls

    Firewalls are used to restrict access to systems from external networks and between systems internally. By default, all access is denied; only the ports and protocols explicitly permitted on the basis of business requirements are allowed.
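    The default-deny model described above can be made concrete with a small policy evaluator. The following Python is an added illustration and is not Posture’s own configuration or tooling; the rule format, the sample rulesets, and the "approved business ports" list are all constructed assumptions. It evaluates a connection against a list of explicit allow rules (anything unmatched is denied) and audits a ruleset for entries that expose non-approved ports to any source, showing a weak allow-all policy beside a hardened one.

```python
"""Default-deny firewall policy evaluation and audit.

Added example, not Posture's configuration: rule shape, sample policies and
the approved-port list are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowRule:
    """One explicit permit entry: protocol, port range and permitted source network."""
    proto: str        # "tcp" or "udp"
    port_from: int
    port_to: int
    source: str       # CIDR such as "10.0.0.0/8"; "0.0.0.0/0" means any IPv4 source
    reason: str       # business justification recorded alongside the rule

    def matches(self, proto: str, port: int, src_ip: str) -> bool:
        return (
            self.proto == proto
            and self.port_from <= port <= self.port_to
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        )


def is_permitted(rules, proto: str, port: int, src_ip: str) -> bool:
    """Default deny: a connection is allowed only if some explicit rule matches it."""
    return any(r.matches(proto, port, src_ip) for r in rules)


def audit_world_open(rules, business_ports=frozenset({443})):
    """Return (rule, exposed_ports) for rules that accept any source on ports
    outside the approved business-port list (constructed default: HTTPS only)."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r.source)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: open to the whole Internet
            exposed = set(range(r.port_from, r.port_to + 1)) - business_ports
            if exposed:
                findings.append((r, sorted(exposed)))
    return findings


# Constructed sample policies (not a real ruleset).
WEAK_POLICY = [
    AllowRule("tcp", 0, 65535, "0.0.0.0/0", "legacy allow-all"),
]
HARDENED_POLICY = [
    AllowRule("tcp", 443, 443, "0.0.0.0/0", "public HTTPS to web tier"),
    AllowRule("tcp", 22, 22, "10.0.0.0/8", "admin SSH from internal network only"),
    AllowRule("tcp", 5432, 5432, "10.0.1.0/24", "application tier to data tier"),
]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name}: SSH from Internet permitted ="
              f" {is_permitted(policy, 'tcp', 22, '203.0.113.5')}")
        for rule, ports in audit_world_open(policy):
            print(f"  FINDING: '{rule.reason}' exposes {len(ports)} port(s) to any source")
```

    Running the script shows the weak policy permitting SSH from an Internet address and the audit flagging its allow-all rule, while the hardened policy permits only HTTPS from outside and produces no findings.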

    DDoS Mitigation

    Our infrastructure provider takes advantage of DDoS mitigation techniques, including TCP SYN cookies and connection rate limiting, along with maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier-supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.

    Spoofing and Sniffing Protections

    Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by the infrastructure, including the hypervisor, which will not deliver traffic to an interface to which it is not addressed. Posture uses AWS, which applies application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels.

    ABOUT POSTURE

    Posture provides small and mid-size suppliers with an affordable solution to improve their cybersecurity hygiene and verifiably meet their buyers’ security requirements.

    Gain access to our powerful supplier risk management platform, which connects buyers and suppliers. Buyers gain greater visibility into their suppliers’ security practices and risk. Suppliers gain access to understandable security requirements, relative maturity scoring, training, and a marketplace of vetted cybersecurity and privacy “made-easy” tools.

    © 2022 Posture Inc. All Rights Reserved.