Moogsoft Security Policy
Moogsoft integrates security into every phase of its Software Development Lifecycle (SDLC), from the architecture and design phase to regular patching facilitated by our Continuous Integration and Continuous Deployment pipeline. The Moogsoft Cloud web application rapidly adapts to an ever-changing threat landscape.
We take the security of our corporate resources just as seriously, implementing the Least Privilege and Zero Trust principles internally where able. Additionally, all personnel at Moogsoft undergo annual security awareness training, and our developers undergo annual Security SDLC training.
Moogsoft’s infrastructure is hosted in the Amazon Web Services Cloud. Physical and environmental security-related controls for our production infrastructure, including buildings, locks or keys used on doors, are managed by AWS.
Web Application Security
Moogsoft processes IT data from sources such as servers, network switches, middleware, application error logs, and the like. Although Moogsoft does not require any non-IT data, any IT telemetry is considered confidential from an IT security perspective. As such, Moogsoft treats all data as sensitive and has put the required controls in place to keep all data fully protected.
Data at Rest
Data at rest is encrypted with AES-256 using AWS KMS.
Data in Transit
Data in transit is protected with TLS 1.2 and above. Cipher suites in use are monitored and updated regularly.
Moogsoft supports SSO authentication using the OIDC protocol.
Moogsoft scans all resources continuously. The Moogsoft Security team partners with Moogsoft Engineering to track, prioritize, and remediate vulnerabilities in a timely manner.
Moogsoft engages a third-party firm to perform an executive penetration test of our systems every year.
Moogsoft is continuously tested via our BugBounty Program. This program is managed via HackerOne.