Security at Vendasta
Security, safety and privacy are our top priorities. If you have any questions or encounter any issues, please contact us.
Cloud Security
Physical Security
All Vendasta data is stored in the cloud within the United States across multiple geographically isolated regions. Infrastructure services include environmental controls and on-site security to provide best-in-class protection for your data. You can learn more here.
Data Security
All data is stored encrypted at rest using industry-leading encryption. Vendasta maintains backups of all critical information and uses identity and access management policies to restrict access to authorized systems and personnel.
Infrastructure Security
All application infrastructure is hosted in the cloud and makes use of “infrastructure as code” as a means of providing transparency and auditability. When possible, Vendasta automates patch management of cloud provider systems.
Application Security
Authentication
Vendasta uses single sign-on through trusted identity providers as the preferred means of authentication. Vendasta enforces password minimums, and stored passwords are saved securely as salted hashes. User login and password reset attempts are logged and audited for anomalous behaviour.
Secure Development (SDLC)
Secure coding training for all engineers is conducted annually with emphasis on OWASP Top Ten security risks. Vendasta incorporates code scanning and dependency vulnerability detection across the development lifecycle, from developer tools to our CI/CD pipeline.
Vulnerability Management
Our Responsible Disclosure Program gives security researchers an avenue for safely testing and notifying Vendasta of security vulnerabilities through our partnership with HackerOne.
HR Security
Policies
Vendasta has developed a comprehensive set of security policies derived from the Center for Internet Security (CIS) controls. These policies are made available to all employees and critical policies must be read and accepted prior to beginning job functions.
Training
All Vendasta employees undergo mandatory security awareness training annually. All engineers receive annual secure code training.
Personnel
Vendasta regularly audits employee access levels. Access is promptly removed upon employee departure.