Opsgenie security
Here at Opsgenie we take security very seriously. Below is a summary of our key security practices. If you have any questions, contact us at security@opsgenie.com, or participate in Opsgenie’s Community Forums
Product security features
Authentication
- Single sign-on
- Strong Password, Password Expiration, and Password History policies
- Captcha protection for password authentication
- Ability to revoke all sessions or reset all user passwords
- Api key mandatory for api requests
Access control
- Team based configuration, schedules, escalations, policies, integrations, alerts, and incidents
- Team-based integrations only allow access to team-based resources
- User & team member role support
- Custom role support for fine-grained access of control policies
- Integration access control policies & API key regenerate support
Logging
- Persistent Alert, Incident, and Team Logs for regulatory compliance
- Searchable Logs Page containing all activities
Your data fully under your control
- Integrations and Modify policies shall restrict alert content stored on Opsgenie
- Read & write is always available via web applications and REST API
Security for your systems
- Static IPs available for whitelisting Opsgenie traffic to your systems, webhook & other integrations
- Marid as a pub-sub Opsgenie event listener, requires no incoming traffic permissions
Organization security
- Strict controls for Opsgenie employees’ access to customer data
- Information security training and awareness program
- Security embedded to Software Development Life Cycle
- Centralized Endpoint protection
- Incident management policies & procedures implemented for security breaches
- Policies & procedures implemented based on ISO 27001 Information Security
- Shared responsibility model within the organization
- Each product engineering team focuses on the security of features they crafted
- Cross functional team focuses on the application infrastructure security
- Security & Reliability engineering team focuses on Cloud Infrastructure security
- Chief Security & Reliability officer focuses on all aspects of security
- Director of Security focuses on policies & compliances across company
- All management members and directors share security responsibility on their teams
Platform security
- Shared responsibility model with AWS as Cloud Provider
- Encryption in transit TLS 1.2 and at rest AES-256
- Passwords are stored with strong one-way encryption, Bcrypt with salt & pepper
- Stripe for Credit Card Processing, Stripe certified to PCI Service Provider Level 1
- Always available on multiple regions and availability zones
- Dedicated multi-tenant data protection layer
- Multiple levels of firewalls, policy layers for network and data protection
- DDOS protection, 7/24 DDOS support by AWS
- Excessive logging and monitoring for vulnerabilities and intrusion detection
- Automated configuration assessment
- Changes and deployments are automated and reviewed
- Penetration testing & 3rd Party Pentest
Whitepaper: Security in Opsgenie
Get the details on our security process
Compliance
AWS Cloud Provider
*ISO-9001, ISO-27001, ISO-27017, ISO-27018
*SOC-1, SOC-2, SOC-3
Opsgenie
We rapidly investigate all reported security issues
If you believe you’ve discovered a bug in Opsgenie’s security, please get in touch with us at security@opsgenie.com. We will respond as quickly as possible to your report. We request that you do not publicly disclose the issue until it has been addressed by Opsgenie