Turbine Cloud Security and Compliance

swimlane turbine enables you to securely access and manage your content technical and physical controls within turbine prevent the disclosure of content and the unauthorized access to content the infrastructure is continuously monitored, and internal and external security staff regularly conduct vulnerability testing swimlane extensively leverages security automation and response to alert suspicious activity across customer and corporate environments internally, confidentiality requirements are communicated to employees through training and policies employees are required to attend security awareness training, which includes information, policies, and procedures related to protecting our customers’ data security swimlane provides a number of security features within turbine cloud, which helps ensure the confidentiality, integrity and availability of customer information data at rest here is how turbine cloud protects your data at rest all customer data and application snapshots are encrypted using the aes256 encryption algorithm before being stored on disk swimlane allows full instance snapshots that support disaster recovery and the rollback of known good application state(s) entries in the swimlane credentials library, as well as user and asset passwords, are encrypted at rest before they are stored in the swimlane database using the aes encryption algorithm with a 256 bit key and a 256 bit salt data in motion swimlane protects your data in motion by using transport layer security, or tls, (versions 1 2 and 1 3) to encrypt data between the swimlane application servers and client browsers, as well as the swimlane database turbine cloud egress ips if you need to allowlist turbine cloud outbound traffic, use the turbine egress ip lookup endpoint to retrieve the current external ip addresses for global turbine instances https //api swimlane io/turbine cloud/metadata saml/sso swimlane supports local user account provisioning, open ldap, microsoft active directory, and saml 2 0 for more information on how swimlane utilizes saml, see two factor authentication account administrators can enable two factor authentication or 2fa for their account and optionally exempt specific users from the requirement if 2fa is not enforced at the account level, individual users may still enable it through their personal settings by default, 2fa is not globally enforced since it requires setup before activation for more information on 2fa and swimlane, see role based access control swimlane limits access to information by using role based access control (rbac) you can apply rbac at every level of objects within swimlane workspaces, dashboards, reports, applications, records and individual records granular controls can be applied down to the individual field level, and all components support the ability to restrict access via user, group or role swimlane can dynamically adjust permissions on a per record basis based on user/group field values, as well for example, if a record is assigned to group a, only group a and administrators will have access to that record if the assignment of the record changes to group b, then only group b and administrators will have access to the records with turbine cloud, administrators also have the ability to separate the account administrator from the orchestrator and playbook designer for more information about rbac, see docid\ gs qkge0b9fbut4puhcwq and the other permissions topics within the turbine guide access to turbine cloud swimlane restricts access to production systems to a handful of employees the list of employees with access to production is audited regularly reporting security vulnerabilities swimlane welcomes reports from security researchers and experts about possible security vulnerabilities in our product to report a security vulnerability in swimlane, please send details to mailto\ security\@swimlane com swimlane does not have a bug bounty program compliance data centers hosting turbine cloud have achieved compliance with iso/iec 27001 2013, 27017 2015, 27018 2019, 27701 2019, 9001 2015, and csa star ccm v3 0 1 additionally, all data centers have completed the following examinations ssae 16 soc 1 type ii soc 2 type ii for more information, see the https //swimlane com/trust center/