The most secure digital experience platform available

Designed from the ground up to meet your security needs

Whether you’re in a highly regulated industry or simply looking for peace-of-mind security, Crownpeak has you covered. Crownpeak’s Digital Experience Management (DXM) platform meets the highest industry standards for security and regulatory compliance. Your organization will benefit from industry-leading security and data protection of Amazon Web Services – but we don’t stop there. You're further protected through layers of independent certifications and audits, along with the inherent security benefits of our decoupled architecture. This combination delivers the strongest security possible for your organization.

Logo for Distinguished AWS Advanced Technology Partners
First-class security with Amazon Web Services

Crownpeak DXM is built on Amazon Web Services (AWS). That means you benefit from the robust security and compliance protections provided by AWS.

Crownpeak is a member of the Amazon Partner Network (APN) and has achieved the Digital Customer Experience Competency. To receive this designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

AICPA SOC Certification Privacy BadgePrivacy Shield Certification Privacy BadgeFisma Certification Privacy BadgeTruste Certification Privacy Badge

Independent audits and certifications

We support our deep commitment to protecting customers with an extensive program of operational controls and information security practices. Crownpeak participates in a set of industry-leading independent audits, assessments, and certifications to ensure we continually exceed customers’ security needs, including:

AICPA SOC 2 Type 2 ISAE 3000 FISMA (Moderate – NIST 800-53)
AICPA SOC 2® Type 2 is an internal controls audit and report outlining how a company safeguards its customers' data and how effective its controls are. It is often used by companies evaluating cloud service providers to assess risk. The SOC 2 report provides detailed information and assurance about the controls in place relevant to security, availability, processing integrity, confidentiality, and privacy. ISAE (International Standards on Assurance Engagement) 3000 refers to the standards used during the SOC (system and organizational controls) 2 audit and report. Using the international standards ensures the SOC report can be used by organizations globally. FISMA (Federal Information Security Management Act) is an information security standard designed to protect sensitive data. In addition to being mandatory for any U.S. Federal Government workload, it is also universally adopted as the information security standard for all U.S. financial institutions.
EU-U.S. Privacy Shield Swiss-U.S. Privacy Shield TRUSTe Certified Privacy
In order to demonstrate an adequate level of protection for cross-border data transfers under GDPR, Crownpeak maintains EU-US & Swiss-US Privacy Shield certifications. In order to demonstrate an adequate level of protection for cross-border data transfers under GDPR, Crownpeak maintains EU-US & Swiss-US Privacy Shield certifications. TRUSTe certification demonstrates responsible data collection and processing practices consistent with regulatory expectations and external standards for privacy accountability.

Security advantages of DXM architecture

The Digital Experience Management (DXM) platform has a decoupled content deployment architecture, which means that content management is separated from content delivery. This greatly reduces the public exposure of the platform and resulting security risks. For example, administrative functions and non-live content (e.g., Stage, Dev, Draft, etc.) are not exposed publicly. With other solutions, the software that renders the live website also typically manages all content – even pre-production – increasing exposure and vulnerability. With Crownpeak DXM, public-facing digital experiences can be built in a lightweight, security-focused manner, totally disconnected from the content repository, rather than having to expose an entire CMS application.

graphic of computer
Vulnerability and penetration testing

In addition to regular external/third-party security checks, we allow any customer to vulnerability and penetration test the Crownpeak platform at any time. Our SaaS architecture and regular release process means that all customers automatically benefit from the resulting security patches.

enhanced data security services cover
Data encryption in-transit and at-rest

Crownpeak customers are fully protected with encryption for both data-in-transit and data-at-rest. By leveraging industry-leading and battle-tested encryption methods, you are protected against any unauthorized person or entity attempting data theft or access. Even better, setup is entirely handled by Crownpeak without any additional learning required.

Learn more by downloading the datasheet "Enhanced Data Security Services (EDSS)."

Cybersecurity and Edge Datasheet Cover
Advanced cybersecurity and edge protection

Crownpeak's advanced cybersecurity and edge protection service provides end-to-end protection to help mitigate DDoS attacks  and defend against other vulnerability exploits. From threat intelligence to multilayer protection, we use a combination of strategies to ensure your data, customer information, and digital experiences are protected from a broad range of cyber threats and criminal activity.

Learn more by downloading the datasheet, "Advanced Cybersecurity and Edge Protection"

Security controls for administrators

We all know about the security risks associated with people having access they shouldn’t. In addition to our overall platform security, DXM includes everything enterprises need to easily and effectively manage access and permissions within the platform.

  • Federated authentication: Crownpeak is fully compatible with any SAML 2.0 compliant Federated Identity Management Platform. This simplifies the login experience for your end users and gives infosec administrators greater flexibility to strengthen corporate security.
  • Access control lists: Using inheritance-based access control lists (ACLs), administrators can define access rules for all the content managed by Crownpeak. Group-based ACLs are defined to partition and regulate the functions any given group can perform. Users must have access to both the asset and the function they wish to carry out before they can perform any action on any asset.
  • Workflow management: You can configure as many workflow and approval streams as necessary to support the governance rules of your organization. Every asset within the Crownpeak platform repository is subject to one of the defined workflows, which further restricts when, how, and by whom it may be manipulated.

Related Crownpeak Resources

Graphic of Coverage within a City Skyline

Read the case study

Open blue padlocks in a row with one locked red padlock

Read the ebook

Abstract data points against blue background

Read the blog