Panzura Data Services Security and Privacy Statement

Information security and privacy is in Panzura's DNA - here's how our Data Services solution keeps your information secure

Security by Design 

Panzura Data Services implements a complete microservice architecture, abstracting any infrastructure and thus allowing each tenant and customer to operate on the concept of least privilege. This greatly reduces any threat or attack on the surface area, and external access at the operating system (Linux) or Runtime (JVM) are eliminated. Custom extensions, plug-ins, or any other external code executables are not permitted, which further reduces the attack risks.

Panzura Data Services utilizes various account security features, including token-based MFA, password strength enforcement, and SSO systems such as ADFS. Panzura Data Services also builds in other security features to isolate and ensure each customers’ data and service remains logically and physically separated. By default, all external communication is executed over encrypted TLS. All data persisted and stored in Panzura Data Services is encrypted at rest with AES-256 or stronger bulk ciphers. All cryptography operations are authenticated and entrusted with Panzura Data Services’s Certificate Authority and follow administrative and technical controls. 

Security by Process 

Security by process includes rigorous procedures to re-validate all external, non-Panzura Data Services sourced components. These components include FOSS and includes Elasticsearch itself. Panzura Data Services’s processes continuously scan for vulnerabilities in conjunction with MITRE CVE and other OSINT threat intelligence services. Penetration testing occurs on a regular basis for software components. 

Hosted on and Partnered with Google Cloud Platform

Panzura Data Services is hosted on Google Cloud Platform (GCP). As part of Panzura Data Services’s partnership with GCP, Panzura Data Services regularly reviews the practices and capabilities to ensure optimal physical and logical security measures are applied. 

Other Resources 

For more information about the Privacy Statement in adherence to regulations such as GDPR, CCPA, and the Terms of Service, visit data.panzura.com.

Google Cloud Platform’s statement on compliance and accreditation can be found at https://cloud.google.com/security/compliance