Our security follows three themes:
Telemetry will lead our peers in cloud and product security.
Telemetry will meet all customer requirements for cloud security and exceed requirements for industry security standards and certifications.
Telemetry will remain open and transparent about our programs, processes, and metrics.
Security of our product and platform
Security of our cloud environments and connection points
Anticipating, detecting and responding to security incidents
Internal security with respect to our internal network and infrastructure
Security built into the software development processes
Ensuring our employees and partners know how to work securely
Telemetry practices a layered approach to security for our networks. We implement controls at each layer of our cloud environments, dividing our infrastructure by zones, environments, and services. We have zone restrictions in place that include limiting office/staff, customer data, and network traffic. We also have environment separation to limit connectivity between production and non-production environments, and production data is not replicated outside of production environments. Access into production networks and services is only possible from within those same networks – e.g. only a production service can access another production service.
Never Trust. Verify. Access to all systems and resources (Corporate, Development, Infrastructure, Data, Networking) are all based on positive verification and the correct ability to access such resources regardless of users’ role, location, status, etc.
Telemetry engages with security partners to proactively probe our applications and infrastructure to determine weaknesses and evaluate our security posture.
All data is encrypted in transit and at rest. No exceptions. We do not store any unnecessary data such as payment methods.
All exposed surfaces, internal networks, servers and contains are constantly scanned and evaluated as new threats emerge.