SECURITY & COMPLIANCE

The most secure digital experience platform available

Designed from the ground up to meet your security needs

Whether you’re in a highly regulated industry or simply looking for peace-of-mind security, Crownpeak has you covered. Crownpeak’s Digital Experience Management (DXM) platform meets the highest industry standards for security and regulatory compliance. Your organization will benefit from industry-leading security and data protection of Amazon Web Services – but we don’t stop there. You're further protected through layers of independent certifications and audits, along with the inherent security benefits of our decoupled architecture. This combination delivers the strongest security possible for your organization.

aws partner logo
First-class security with Amazon Web Services

Crownpeak DXM is built on Amazon Web Services (AWS). That means you benefit from the robust security and compliance protections provided by AWS.

Crownpeak is a member of the Amazon Partner Network (APN) and has achieved the Digital Customer Experience Competency. To receive this designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

Independent audits and certifications

We support our deep commitment to protecting customers with an extensive program of operational controls and information security practices. Crownpeak participates in a set of industry-leading independent audits, assessments, and certifications to ensure we continually exceed customers’ security needs, including:

  • AICPA SOC 2 Type 2
  • ISAE 3400 annual operation control audit
  • FISMA (Moderate – NIST 800-53) information security certification
  • Swiss-U.S. Privacy Shield 
  • EU-U.S. Privacy Shield 
  • TRUSTe Certified Privacy

AICAPA SOC Certification Privacy LogoPrivacy Shield Certification Privacy LogoFisma Certification Privacy LogoTruste Certification Privacy Logo

Security advantages of DXM architecture

The Digital Experience Management (DXM) platform has a decoupled content deployment architecture, which means that content management is separated from content delivery. This greatly reduces the public exposure of the platform and resulting security risks. For example, administrative functions and non-live content (e.g., Stage, Dev, Draft, etc.) are not exposed publicly. With other solutions, the software that renders the live website also typically manages all content – even pre-production – increasing exposure and vulnerability. With Crownpeak DXM, public-facing digital experiences can be built in a lightweight, security-focused manner, totally disconnected from the content repository, rather than having to expose an entire CMS application.

graphic of computer
Vulnerability and penetration testing

In addition to regular external/third-party security checks, we allow any customer to vulnerability and penetration test the Crownpeak platform at any time. Our SaaS architecture and regular release process means that all customers automatically benefit from the resulting security patches.

datasheet cover
Data encryption in-transit and at-rest

Crownpeak customers are fully protected with encryption for both data-in-transit and data-at-rest. By leveraging industry-leading and battle-tested encryption methods, you are protected against any unauthorized person or entity attempting data theft or access. Even better, setup is entirely handled by Crownpeak without any additional learning required.

Learn more by downloading the datasheet "Enhanced Data Security Services (EDSS)."

datasheet cover
Advanced cybersecurity and edge protection

Crownpeak's advanced cybersecurity and edge protection service provides end-to-end protection to help mitigate DDoS attacks  and defend against other vulnerability exploits. From threat intelligence to multilayer protection, we use a combination of strategies to ensure your data, customer information, and digital experiences are protected from a broad range of cyber threats and criminal activity.

Learn more by downloading the datasheet, "Advanced Cybersecurity and Edge Protection"

Security controls for administrators

We all know about the security risks associated with people having access they shouldn’t. In addition to our overall platform security, DXM includes everything enterprises need to easily and effectively manage access and permissions within the platform.

  • Federated authentication: Crownpeak is fully compatible with any SAML 2.0 compliant Federated Identity Management Platform. This simplifies the login experience for your end users and gives infosec administrators greater flexibility to strengthen corporate security.
  • Access control lists: Using inheritance-based access control lists (ACLs), administrators can define access rules for all the content managed by Crownpeak. Group-based ACLs are defined to partition and regulate the functions any given group can perform. Users must have access to both the asset and the function they wish to carry out before they can perform any action on any asset.
  • Workflow management: You can configure as many workflow and approval streams as necessary to support the governance rules of your organization. Every asset within the Crownpeak platform repository is subject to one of the defined workflows, which further restricts when, how, and by whom it may be manipulated.

Related Crownpeak Resources

city skyline

Read the case study

colored locks

Read the ebook

abstract data points

Read the blog