Security manifesto from mParticle’s CISO
We are committed to providing the most secure Customer Data Platform (CDP) on the market and prioritizing our customers' data privacy.
At mParticle, the security of our platform and our customers’ data is of paramount importance. We are committed to providing the most secure Customer Data Platform (CDP) on the market.
Having recently joined mParticle as the company’s first Chief Information Security Officer, I was delighted to find that security had been baked into the mParticle infrastructure, application, and company culture from the company’s formation.
After working at much larger organizations, it has been refreshing to join such a nimble and security-conscious company. Every individual at mParticle understands that they are part of the security ecosystem and that they hold a shared responsibility to protect our environment. The introduction of a dedicated security team reaffirms the company’s commitment to providing best-in-class security.
Being a cloud-native product, mParticle leverages the power and stability of Amazon’s AWS platform and takes advantage of the many advanced security features of the service, including strong authentication using multiple factors, clearly defined and enforced role-based access control, extensive logging, and industry-leading cryptographic services such as CloudHSM and KMS.
Our SDKs have been designed to offer advanced protection to customer data, using TLS and certificate pinning to encrypt data in transit. Once data is received by the mParticle API, it is encrypted at rest in the various stages of its journey through our AWS environment and again in transit when passed on to your chosen providers.
In addition to an array of technical measures to prevent unauthorized access to customer data, mParticle follows the principle of least privilege and strictly enforces role-based access control, ensuring that the bare minimum number of staff have access to any customer data. All staff and contractors are required to undertake comprehensive background checks and receive regular, targeted security awareness training before gaining access to company resources.
Our security team is on call 24/7 and collaborates closely with our operations team to maintain the availability, integrity, and confidentiality of our system at all times. To further check the security of our platform and our processes, we engage expert third-party consultants to perform a range of regular penetration testing services against our application, infrastructure, and staff. This process helps us identify and address issues efficiently to ensure we are operating securely on an ongoing basis.
To further ensure that we are following (or exceeding) industry best practices, we are in the process of aligning our security program with a number of third-party compliance certifications. We expect to gain both SOC2 and ISO27001 compliance certification during 2018.
Latest from mParticle
New customer data platform research sets the record straight
Of the many companies calling themselves CDPs, fewer than 1 in 5 actually are one, says a new Winterberry Group report. Learn why.
Combine omnichannel data across offline and online touchpoints for a more contextual customer experience
Learn how to leverage mParticle to enhance targeting with geolocation data across today’s most critical marketing channels.
Get started with mParticle today
Connect with an mParticle expert to discuss how to integrate and orchestrate customer data the right way for your business.