OPTIMIZE SECURITY

Relentless commitment to your website’s security

Your website is crucial to your business, which is why we ensure the highest security protections at all layers of the technology stack.

Enterprise-grade hosting and security

Trusted by many of the world’s biggest brands

Every day, your website is at risk for security breaches. Attacks can come, without warning, from anywhere in the world and target any part of your digital operations. A robust, secure application services infrastructure is crucial to protect your business and the hard-earned trust you’ve built with your customers.

At Crownpeak, our services are trusted to support the websites of some of the world’s biggest brands, many in highly-regulated industries. Our resilient and secure application service infrastructure is backed by Amazon Web Services (AWS), the leading provider of Cloud Computing solutions available today. This, together with our comprehensive program of operational control audits, security and privacy certifications, and world-class high-availability engineering, deliver enterprise-grade reliability and performance.

Hosting

All of our SaaS products are managed and maintained on Amazon Web Services (AWS). AWS has built its reputation on security best practices and has robust controls in place to maintain security and data protection in the cloud. As an AWS Advanced Technology Partner you can be sure that we meet the highest standards for security and regulatory compliance.
 
While a robust and secure hosting infrastructure is essential, we also ensure that the same level of control and oversight extends to the operation of our application services:

  • SSAE 16: We maintain our own program of audits and publish an annual independently audited Service Organization Controls (SOC 2), Type II report, which verifies that all our control objectives are appropriately designed and that the controls safeguarding customer data are operating effectively. This audit is conducted according to the international ISAE 3402 standard for our non-US customers.
  • Federal Information Security Management Act (FISMA): We hold a US FISMA certification - one of the highest levels of information security compliance recognition.
  • TRUSTe Cloud Privacy: Crownpeak has been awarded TRUSTe's Privacy Seal signifying that our privacy policy and practices are compliant with TRUSTe Cloud Privacy program requirements, including: transparency, accountability and choice regarding the collection and use of personal information


Security Methodology

At Crownpeak, we follow secure software development best practices, which include formal design reviews by the internal Crownpeak security team, threat modeling, completion of risk assessment, and static code analysis as well as recurring penetration testing by carefully selected, independent industry experts.

Network and application security: Crownpeak applications operate as hybrid multi-tenant environments, in which stateless infrastructure is shared across all customers, while stateful services such as database and file systems, are partitioned between customers.

  • No Crownpeak customer’s data co-resides with that of any other customer.
  • Intrusion detection software is standard across Crownpeak’s entire infrastructure.
  • In addition, Crownpeak offers additional services that provide support for encryption of data at rest in both the CMS and web hosting environments.


Backups and disaster recovery

The Crownpeak hosting and service application architecture is distributed across multiple AWS Availability Zones. This ensures all Crownpeak services continue to operate even in the event of a catastrophic failure involving the loss of a complete Availability Zone.

  • Full backups are performed regularly and stored remotely.
  • All repositories are configured to fail over automatically.
  • Crownpeak also offers Inter-Regional Disaster Recovery as an additional service.
Positioned as a visionary three years in a row.
2016 Gartner Magic Quadrant for Web Content Management.
Download the report