Security

Your infrastructure data is critical. We take security seriously at every layer.

Our Security Commitment

Prism is built with security as a foundational principle. We understand that you're entrusting us with sensitive infrastructure data, and we've implemented comprehensive security measures to protect it. Our platform undergoes regular security audits and penetration testing to ensure we meet the highest standards.

Security Features

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive credentials
  • Automatic key rotation every 90 days

Access Control

  • Multi-factor authentication (MFA) support
  • Role-based access control (RBAC)
  • Single Sign-On (SSO) with SAML 2.0
  • API key management with granular permissions

Monitoring & Auditing

  • Complete audit logs of all user actions
  • Real-time security event monitoring
  • Automated anomaly detection for access patterns
  • 90-day audit log retention (customizable for enterprise)

Compliance

  • SOC 2 Type II certified
  • GDPR compliant
  • HIPAA compliance available for enterprise
  • Regular third-party security audits

Infrastructure Security

  • Hosted on SOC 2 certified cloud providers
  • Network isolation and VPC segmentation
  • Automated security patching
  • Regular penetration testing

Data Protection

  • Data residency options available
  • Automatic backup and disaster recovery
  • Zero-knowledge architecture for sensitive data
  • Secure data deletion upon account termination

Secure Architecture

Prism is designed with a defense-in-depth approach:

  • Read-only access: Prism only reads from your Prometheus instances, never writes or modifies data
  • Network security: All connections are encrypted and can be restricted to specific IP ranges
  • Credential management: Prometheus credentials are encrypted and stored in a secure vault
  • Data isolation: Each organization's data is logically isolated with strict access controls

Incident Response

We maintain a comprehensive security incident response plan:

  • 24/7 security monitoring and alerting
  • Dedicated security team for rapid incident response
  • Customer notification within 24 hours of confirmed security incidents
  • Post-incident reviews and remediation tracking

Third-Party Security

We carefully vet all third-party services:

  • All vendors undergo security assessments before integration
  • Minimal data sharing with third parties (only as necessary for service delivery)
  • Contractual security requirements for all vendors
  • Regular vendor security reviews

Employee Security

Our team follows strict security protocols:

  • Background checks for all employees
  • Regular security training and awareness programs
  • Principle of least privilege for system access
  • Mandatory MFA for all internal systems

Vulnerability Management

We maintain a proactive approach to security vulnerabilities through regular security scanning, dependency updates, and a responsible disclosure program. If you discover a security vulnerability, please report it to security@prismhq.io.

Security Documentation

Need more detailed security information? Enterprise customers can request our complete security whitepaper, SOC 2 reports, and penetration test summaries.

Contact: security@prismhq.io