Now, more than ever, Information Security is a topic that should not be taken lightly. All organizations are vulnerable through technology, and it is imperative that risk is managed on a daily basis. Netreo realizes the only way to safeguard against threats is to take a holistic approach to managing our technology, people, and processes.
At Netreo, we understand that a network and infrastructure monitoring system requires extremely deep access to customer environments in order to provide the sophisticated management data required. We have always believed that it is critical that our company, our systems, and our software are always built with a “security first” mindset and process.
To this end, while our exact methods and tools remain confidential to protect our company and customers, we can share some of our essential security guiding principles that provide our community with the confidence we need.
Secure Coding Standards
- Clear and documented secure coding standards
- Architect-level code reviews of all code before code merges
- Periodic full source code scans for coding standard adherence
- Full security scanning and automated penetration testing during every regression test
- Isolated and digitally signed code repositories with role-based access control
Secure Product and Platform Standards
- Security checklist for each feature design
- Encryption at rest (e.g. unique encryption keys for each customer instance)
- End-to-end encrypted communications wherever possible
- Onboard firewalls and intrusion detection on all system components
- Standards-based protocols
- Cryptographically secure digital signature verification of all installed code
- Cloud and on-prem availability for all components
- Completely isolated data for all cloud customers
- The ability to run completely ‘disconnected’ from the Internet to support ‘air gapped’ and highly secure environments
“Trust But Verify” HR Policies
- Employee-first approach to technical hires
- Extensive security background checks for all employees
- Standard secure coding training for all technical employees
- Ongoing security awareness training for all employees