Security overview

Data center & network security

Physical security
- Facilities
  
  Tymeshift servers are hosted using Google Cloud Platform. Google’s data centers are PCI DSS, ISO 27017,ISO 27001, SOC 2, and SOC 3 compliant facilities. Data center facilities are powered by redundant power and UPS + backup generators.
- On-site Security
  
  Facilities feature vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders.
- Monitoring
  
  All production are monitored and logically administered by Tymeshift. Physical security, power, and internet connectivity is monitored by Google.
- Location
  
  Tymeshift offers data centers in the United States, Europe, SE Asia, and South America. Customers can choose to locate their Service Data in the US-only or Europe-only*.
  
  *Only available on the Enterprise plan.
Network security
- Security Team
  
  Our Security Team is on call 24x7x365 to respond to security incidents.
- Protection
  
  Our network is protected by redundant firewalls, best-in-class router technology, and secure HTTPS transport over public networks. Additionally, Intrusion Detection and/or Prevention technologies (IDS/IPS) are implemented which monitor and/or block malicious traffic and network attacks.
- Network Vulnerability Scanning
  
  Network security scanning allows quick identification of out-of-compliance or potentially vulnerable systems.
- Logical Network Access
  
  Access to the Tymeshift’s Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is audited and monitored. 2FA is required to access the Production Network.
- Security Incident Response
  
  In case of a system alert, events are escalated to our on call IT who are trained on security incident response processes, including communication channels and escalation paths.
Encryption
- Encryption in Transit
  
  Communications between you and Tymeshift’s servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks.
- Encryption at Rest
  
  All data is encrypted at rest.
Availability & continuity
- Uptime
  
  Tymeshift maintains a publicly available status page which includes system availability details and scheduled maintenance.
- Redundancy
  
  Tymeshift employs automatic application scaling and network redundancies to eliminate single points of failure. Our backup policy ensures data is actively replicated across primary and secondary DR systems.
- Disaster Recovery
  
  Our Disaster Recovery (DR) program ensures that services remain available or are recoverable in the case of a disaster. This is accomplished through geographically distributed environments, and Disaster Recovery plans.
Secure development (SDLC) & Application security
- Security Training
  
  At least annually our team participates in security training and reviews our security controls.
- Separate Environments
  
  Testing and staging environments are separated from the Production environment. No customer data is used in the development or test environments.
- Security Penetration Testing
  
  At least annually, Tymeshift performs internal penetration testing across all production environments.

Security overview

Product security features

Authentication Security
- Authentication Options
  
  We offer our own local sign-in and Google Authentication.
- Password Policy
  
  You can configure your preferred password policy utilizing Google Sign On.
- Two-factor authentication (2FA)
  
  If you are using Google sign-in on, you can turn on 2-factor authentication (2FA).
- Secure Credential Storage
  
  Tymeshift follows secure credential storage best practices by never storing passwords in a human readable format, and only as the result of a salted, one-way hash.
- API Security & Authentication
  
  Our API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using the credentials/key provided in your Tymeshift account.
Privacy certifications
- U.S.-EU Privacy Shield and U.S.-Swiss Safe Harbor programs
  
  Tymeshift is currently pending-review for compliance with the U.S.-EU Privacy Shield and U.S. - Swiss Safe Harbor programs set forth by the United States Department of Commerce.

Security overview

Additional security methodologies

Security Awareness & Confidentiality
- Policies
  
  Tymeshift has developed a set of security policies covering a range of topics. These policies are shared with all employees and contractors with access to Tymeshift information assets.
- Confidentiality Agreements
  
  All new personnel are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.

For more questions on our security practices and compliance please contact us at:

Data center & network security

Physical security

Facilities

On-site Security

Monitoring

Location

Network security

Security Team

Protection

Network Vulnerability Scanning

Logical Network Access

Security Incident Response

Encryption

Encryption in Transit

Encryption at Rest

Availability & continuity

Uptime

Redundancy

Disaster Recovery

Secure development (SDLC) & Application security

Security Training

Separate Environments

Security Penetration Testing

Product security features

Authentication Security

Authentication Options

Password Policy

Two-factor authentication (2FA)

Secure Credential Storage

API Security & Authentication

Privacy certifications

U.S.-EU Privacy Shield and U.S.-Swiss Safe Harbor programs

Additional security methodologies

Security Awareness & Confidentiality

Policies

Confidentiality Agreements

[email protected]