SECURITY & COMPLIANCE
The most secure digital experience platform available
Whether you’re in a highly regulated industry or simply looking for peace-of-mind security, Crownpeak has you covered. Crownpeak’s Digital Experience Management (DXM) platform meets the highest industry standards for security and regulatory compliance. Your organization will benefit from industry-leading security and data protection of Amazon Web Services – but we don’t stop there. You're further protected through layers of independent certifications and audits, along with the inherent security benefits of our decoupled architecture. This combination delivers the strongest security possible for your organization.
Crownpeak DXM is built on Amazon Web Services (AWS). That means you benefit from the robust security and compliance protections provided by AWS.
Crownpeak is a member of the Amazon Partner Network (APN) and has achieved the Digital Customer Experience Competency. To receive this designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.
“Everyone knows that Amazon has built their reputation on their security and data protection practices, so when we learned that Crownpeak’s platform was hosted with Amazon, we knew our customers would feel at ease.”
- Sean Brasher, Sr. Director Web Technology, Healthgrades
We support our deep commitment to protecting customers with an extensive program of operational controls and information security practices. Crownpeak participates in a set of industry-leading independent audits, assessments, and certifications to ensure we continually exceed customers’ security needs, including:
- AICPA SOC 2 Type 2
- ISAE 3400 annual operation control audit
- FISMA (Moderate – NIST 800-53) information security certification
- Swiss-U.S. Privacy Shield
- EU-U.S. Privacy Shield
- TRUSTe Certified Privacy
The Digital Experience Management (DXM) platform has a decoupled content deployment architecture, which means that content management is separated from content delivery. This greatly reduces the public exposure of the platform and resulting security risks. For example, administrative functions and non-live content (e.g., Stage, Dev, Draft, etc.) are not exposed publicly. With other solutions, the software that renders the live website also typically manages all content – even pre-production – increasing exposure and vulnerability. With Crownpeak DXM, public-facing digital experiences can be built in a lightweight, security-focused manner, totally disconnected from the content repository, rather than having to expose an entire CMS application.
In addition to regular external/third-party security checks, we allow any customer to vulnerability and penetration test the Crownpeak platform at any time. Our SaaS architecture and regular release process means that all customers automatically benefit from the resulting security patches.
Crownpeak customers are fully protected with encryption for both data-in-transit and data-at-rest. By leveraging industry-leading and battle-tested encryption methods, you are protected against any unauthorized person or entity attempting data theft or access. Even better, setup is entirely handled by Crownpeak without any additional learning required.
Learn more by downloading the datasheet "Enhanced Data Security Services (EDSS)."
Crownpeak's advanced cybersecurity and edge protection service provides end-to-end protection to help mitigate DDoS attacks and defend against other vulnerability exploits. From threat intelligence to multilayer protection, we use a combination of strategies to ensure your data, customer information, and digital experiences are protected from a broad range of cyber threats and criminal activity.
Learn more by downloading the datasheet, "Advanced Cybersecurity and Edge Protection"
We all know about the security risks associated with people having access they shouldn’t. In addition to our overall platform security, DXM includes everything enterprises need to easily and effectively manage access and permissions within the platform.
- Federated authentication: Crownpeak is fully compatible with any SAML 2.0 compliant Federated Identity Management Platform. This simplifies the login experience for your end users and gives infosec administrators greater flexibility to strengthen corporate security.
- Access control lists: Using inheritance-based access control lists (ACLs), administrators can define access rules for all the content managed by Crownpeak. Group-based ACLs are defined to partition and regulate the functions any given group can perform. Users must have access to both the asset and the function they wish to carry out before they can perform any action on any asset.
- Workflow management: You can configure as many workflow and approval streams as necessary to support the governance rules of your organization. Every asset within the Crownpeak platform repository is subject to one of the defined workflows, which further restricts when, how, and by whom it may be manipulated.