Free trial

Security measures applied to DESK environments

Our development processes, operations, and infrastructure follow a comprehensive set of security policies that are reviewed at least annually and communicated to all employees. These policies ensure confidentiality, integrity, and availability of our systems and enable us to provide the best possible service to our customers. This page provides an overview of the measures we've taken to secure our hosting environment.

Data hosting & storage

DESK runs in the Amazon cloud. Amazon Web Services' (AWS) certified cloud infrastructure security measures provide a high degree of data protection. AWS guarantees physical access controls, hypervisor protection, and secure decommissioning of instance data.

Permissions & authentication

Direct access to AWS services by our employees is carefully regulated based on multi-factor authentication. Permissions are granted on a "need to access" policy following a thorough approval process.

Failover & backups

For backup purposes (and for high availability across multiple data centers) we operate clusters in multiple AWS availability zones. Although captured monitoring data is mirrored to multiple availability zones, a customer's data will never be sent outside of the originating geographic region (United States, European Union, or Australia). For example, monitoring data captured in Ireland remains in the EU as Irish backups are mirrored to clusters in Germany.

Monitoring

All systems we run are subject to permanent health and security monitoring.

Security testing

The attack surfaces of our services are minimized based on automated vulnerability scans, regularly conducted external and internal penetration tests, as well as external and internal bug-bounty programs.

Incident response

We continuously monitor the security of our hosting environment. In case of security incidents, we thoroughly evaluate detected problems and the underlying root causes. We then define and implement countermeasures and required improvements.

Training & awareness

All DESK employees undergo annual security-awareness training.