At Segment, Security is a part of our lifeblood. As the industry-leading Customer Data Platform (CDP), we take responsibility in helping you manage your customer data. We want you to have confidence in how your customer data is collected, transported, and stored. Today, our Standard Services uphold industry-accepted security practices, protecting your data at rest and in transit. Segment maintains full-coverage ISO 27001 and SOC 2 Type 2 attestations covering all five Trust Services Criteria - Security, Availability, Processing Integrity, Confidentiality, and Privacy - on an annual basis, along with annual application pentests.
We continue to invest in security programs designed to protect customer data. Today, we’re excited to launch Enhanced Security Services! Enhanced Security Services enables our customers to stay ahead of the complex threat landscape, detect breaches within 24 hours, and provide unmatched visibility into their security posture.
With this additional peace of mind, customers benefit from:
A 24-hour Incident Response Service Level Agreement notification on confirmed incidents
Advanced, custom alerting, unique to your workspace(s)
Routine, proactive health checks that include security-control audits
An allowance of Security hours per year
On-site and/or extended customer-audit support
Annual penetration-testing support
What’s included in Enhanced Security?
Our Enhanced Security service includes 24/7 Incident Response, Workspace Security Report, Audit and Penetration Test Support, and Concierge Services.
24/7 Incident Response: Within 24 hours of sending a Security Incident Notification, Segment will describe the mitigation steps taken and any compensating controls that the customer must take. Support will be provided 24/7.
Penetration Testing Support: Customers may request a penetration test once during each 12-month period.
Audit Support: Segment will complete one security questionnaire for the customer to confirm compliance with the DPA, and will allow customers to inspect relevant policies, standards and work papers in accordance with Segment’s security program, as well as Segment’s most recent SOC and ISO certifications/attestations.
Concierge Service: This will include a monthly call to review and discuss matters identified within the Custom Workspace Security Report with a member of the Segment Enhanced Security Services Support Team.
Workspace Security Report: Personalized, automated security-health check and routine workspace audit report, sent to your company’s Security point of contact, regarding:
Alerting on domains/users that are impersonating your brand for malicious purposes.
Alerting on customer workspace data leakages (e.g. a customer destination resource, such as a database URI, is identified in a location where it shouldn’t be, such as a public source code repository).
How does Enhanced Security Services differ from Segment’s Standard Security?
Enhanced Security Services are services that are separate and distinct from the Segment platform. As a reminder, Segment is secure and private by default. This is why:
We have an ISO 27001-based security program, which means we are continuously evaluating, refining, and augmenting our security offerings.
We have a SOC 2 Type II report that covers all of the SOC 2 Trust Services Criteria (TSC): Security, Availability, Confidentiality, Processing Integrity, and Privacy. Many companies have a SOC 2 report, but most don’t have all five TSCs. This means we've exceeded a standard of SOC 2 security attestation.
We use Amazon Web Services for our datacenter, which means our customers benefit from AWS’s comprehensive security practices and compliance certifications.
We believe that Security is everyone’s responsibility and that Security extends beyond just technology and processes. That’s why we have a Bug Bounty program and are committed to leveraging the expertise of security researchers that are willing to go above and beyond traditional security assessments in order to ensure the confidentiality, integrity, and availability of our products.
To learn more about our Enhanced Security Services, talk to an expert. Learn more about Security by heading over to Security. New to Segment? Sign up for a demo to learn how Segment can help you better understand your customers and engage with them effectively.