Armorblox Trust Center
Overview
Armorblox is a software company that provides a cloud-native email security platform that protects Armorblox customers from cyberattacks through emails. The platform is designed to guard against targeted attacks such as business email compromise, account takeover, and executive impersonation.
Organizations use Armorblox to deploy pre-configured policy actions that block suspicious emails, automate abuse mailbox remediation, and prevent outbound data loss.
Information is a critical asset of Armorblox. Armorblox has established required administrative, preventive and detective policies, procedures, and controls designed to protect critical information of Armorblox and its customers.
Armorblox has established operational requirements that meet security commitments, are in line with relevant laws and regulations, and support other Enterprise Security PaaS System requirements. These operational requirements are communicated in Armorblox’s system policies and procedures, system design documentation, and contracts with customers. The Company has also implemented organization-wide information security policies that define how systems and data are protected.
Our Security Approach includes Security, Privacy, and Compliance. We are committed to continuous improvement and innovation, and as a result, our Security Approach is subject to technical progress and development and will evolve over time. To that end, Armorblox may update or modify the Security Approach described herein from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services subscribed to by Customer.
Security and Privacy Teams
Continuous Improvement is what we embrace
We employ the best of the best: people who have influenced and improved security and privacy across industries and at companies in various stages of scale and growth. Our processes and policies emphasize constant vigilance, across the team and company as a whole, and we endeavor to provide a highly secure, highly resilient environment, operating at the highest levels of integrity for our customers. Please reach out to us at security@armorblox.com with any questions about this information.
Security
We focus on security by design throughout the product life cycle. Armorblox shall maintain, and continually review and improve, a documented information security management system in accordance with industry standard practices and accepted frameworks. Personnel shall be made aware of such documentation as needed.
Physical Security
The infrastructure is hosted by GCP. As such, GCP is responsible for the physical security controls for the in-scope system. For more information about GCP security, trust, and compliance, please visit https://cloud.google.com/security.
Data Segregation
Armorblox logically separates Customer Data in production environments.
Encryption
Armorblox encrypts data in transit via TLS, using perfect forward secrecy (PFS) methods that help protect traffic and minimize the impact of a compromised key or a cryptographic breakthrough. Data at rest is encrypted using the AES-256 algorithm.
Logical Access
Authorized employees may access the system through the Internet. Employees are authenticated with unique usernames and passwords, as well as a token-based, two-factor authentication system. Passwords are configured according to Company policy, which requires minimum length and complexity.
Backups
Customer data is backed up in the cloud provider environment and monitored by operations personnel for completion and exceptions. In the event of an exception, operations personnel perform troubleshooting to identify the root cause and then rerun the backup job either immediately or as part of the next scheduled backup job, depending on customer-indicated preference within the documented work instructions.
Availability
Incident response policies and procedures are in place to guide personnel in identifying, reporting and responding to information technology incidents as well as incidents on the network. Procedures exist to identify, report, and act upon system security breaches and other incidents.
Armorblox monitors the capacity utilization of physical and computing infrastructure both internally and for customers to ensure that service delivery matches customer expectations.
Reliability
We are committed to delivering a stable and secure solution. Armorblox has a dedicated SRE (System Reliability Engineering) team that works around the clock. All our employees take annual security training as well as continued education in their area of expertise.
Armorblox has implemented security by design and threat modeling through the product life cycle.
Monitoring Controls
Armorblox’s management conducts quality assurance monitoring on a regular basis and additional training is provided based upon the results of monitoring procedures.
A public bug bounty program is in place and continues to mature.
An internal tracking tool is utilized to document and track the results of ongoing monitoring procedures. Escalation procedures are maintained for responding to and notifying management of any identified risks.
Risk Management
Armorblox has a robust vendor risk program. Vendors are continuously monitored and vetted.
We complete annual risk assessments across the organization and teams are on the lookout for opportunities to reduce risk and improve our overall company risk posture.
Privacy
The Company’s principal service commitments related to the Enterprise Security PaaS System include the following:
Armorblox takes reasonable administrative, physical, and technical measures designed to protect customer information from unauthorized access, use, or disclosure.
In the event Armorblox learns of unauthorized third-party access to or misappropriation of Customer Data, Armorblox will without undue delay, and in any event within 72 hours, notify Customer and will work in good faith to investigate and remediate the incident.
Armorblox’s Privacy Policy can be found here.
Third Party Testing and Certification
Armorblox will conduct third-party security testing on applications and infrastructure at least once annually and provide summary reports to Customers upon request. Armorblox conforms to HIPAA healthcare-industry-specific requirements with a comprehensive compliance framework. Armorblox has obtained SOC2, ISO27001, ISO27017, and ISO27018. See below for the latest attestations and certifications:
A Commitment to Continuous Security
Armorblox is SOC 2 Type 2 Certified
Information Security Management System
Armorblox is ISO/IEC Certified


