Security at Insider
Enterprise-grade data protection and data privacy
Insider’s approach to security is both programmatic and precise. It combines a team of dedicated experts, policy makers, and partners with the application of critical tools, certifications, and technologies. Your information — and your customers’ information — is safeguarded from one end of the Insider Growth Management Platform (GMP) to the other.
A dedicated team of security experts
Insider’s Chief Information Security Officer (CISO) and Data Privacy Officer (DPO) lead an experienced team of security professionals. They develop and deploy the architectures, policies, and procedures that secure your information. The team includes experts in DevSecOps, Governance Risk and Compliance (GRC), application and infrastructure security, and beyond. Third-party vendors deliver an objective perspective. Security champions, embedded in research and development, ensure security is built into each of our products and services.
An organizational commitment to security
Security isn’t just for the experts. It extends across Insider’s organization. Everybody receives security training from the start — including full awareness of Insider’s contractual obligations for data security. Periodic education, tests and exams and continuous communication keep the entire organization up to date on emerging threats and procedures to combat them.
System security and safeguards
As you engage with Insider’s GMP, your data — and your customers’ data — enters and integrates with our systems. It’s safe.
- Anti-malware and antivirus protection is installed and monitored on all endpoints.
- Assessment and scanning tools actively detect and mitigate OS and application vulnerabilities.
- Rotating third parties perform penetration testing to eradicate vulnerabilities.
- The production environment is hosted by Amazon Web Services (AWS), which meets the highest security standards in its industry.
- The entire infrastructure is protected by layered defense: firewall, VPN, segregation, and threat and traffic detection across applications, architecture, and network.
- Outside vendors and partners must be certified, reviewed, and validated for compliance.
Insider’s achievements in security standards and certifications attest to our standing as a security leader.
- ePrivacyseal — Insider’s GMP was among the first to achieve the ePrivacyseal of approval. The certification is based on European data protection legislation and covers the requirements of the General Data Protection Regulation (GDPR) for digital products.
- ISO/IEC 27000-series — ensures information assets such as financial data, intellectual property, and employee and personal identification details are kept safe and private. (https://useinsider.com/iso-270012013-information-safety-management-system-certificate/)
- SOC 2 Type 1 Report — Provides information about the controls at Insider relevant to the data processed and stored by Insider’s system and the five trust services criteria categories as noted below:
- Processing Integrity
- Confidentiality, and/or
Development security and disaster recovery
The Insider development environment and lifecycle adhere to leading standards for security such as Open Web Application Security Project (OWASP) recommendations. The environment is monitored across data centers on both server and application levels. Security and application logs are continuously (24×7) reviewed by a Network Operations Center (NOC) and the Insider security team.
Robust disaster recovery, resiliency measures and business continuity plans are also in place — including storage in multiple geographies and a full playbook for operational continuity in the event of natural disasters or system failures.
A protected platform
Insider’s investment in and commitment to security is ultimately reflected by its platform. It offers enterprise-grade security features, tools, and safeguards that users can rely on with complete confidence.
Multi-factor authentication — Two or more methods of authentication are required to log in.
Password management — Passwords must fulfill minimum requirements. They are salted during the hashing process and never stored in cleartext.
Account lockout — Multiple unsuccessful login attempts result in a locked account.
Single Session – Single Session provides extra security for your account and prevents multiple sessions at the same time.
IP-based Sessions – Your session ends when your IP address changes during or after the session.
Session Timeout – Sessions expire after 30 minutes of inactivity; continuous sessions time out after 1 day.
Role-based access controls — Access is granted under strict procedures and is regularly monitored and audited.
Secured customer data — Data is stored separately with unique personal data encryption keys and only accessed for the purpose of content delivery.
Data segregation — Insider’s cloud infrastructure is broken into separate services and regions with load balancers for uninterrupted, continuous operation.
Encryption in transit — Web servers support strong encryption protocols such as SSL and TLS 1.3 to secure data in transit and through API connections.
Encryption at rest — Personal data is stored in an encrypted Relational Database Service (RDS) database with a strong encryption algorithm (AES-256).
Data upload protection — Multiple measures are implemented to scan and test any data that is uploaded into the platform.
Insider has a comprehensive activity monitoring system that stores logs at all account levels for signing in/out to/from user accounts, creating users, setting user permissions and password changes, and creating, deleting, updating, starting and/or pausing campaigns.
Subresource Integrity (SRI)
SRI enables you to add an integrity attribute to your Insider tag, which is a unique script generated for your account. This attribute contains inline metadata. A user agent can use this metadata to verify that a fetched resource has been delivered free of any unexpected manipulation.
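The check a user agent performs with the integrity metadata described above, as an added example (not Insider's code): it generates an integrity value for a script body and verifies a fetched body against an attribute, following the SRI rules that only the strongest listed algorithm counts and that unusable metadata means no check at all. The script bytes and all function names are constructed for illustration.

```python
import base64
import hashlib

# Hash algorithms defined for SRI, ranked weakest to strongest.
_STRENGTH = {"sha256": 0, "sha384": 1, "sha512": 2}

# Constructed sample script bodies (not a real Insider tag).
TAG = b"window.exampleTag = {account: 'demo'};\n"
TAMPERED = TAG + b"fetch('https://attacker.invalid/');\n"


def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Build one integrity token: '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(attr: str):
    """Return (alg, base64 digest) pairs, ignoring unsupported tokens."""
    pairs = []
    for token in attr.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in _STRENGTH:
            # Drop the optional '?options' suffix the grammar allows.
            pairs.append((alg, rest.split("?", 1)[0]))
    return pairs


def verify(body: bytes, attr: str) -> bool:
    """Decide whether a fetched body satisfies an integrity attribute."""
    pairs = parse_integrity(attr)
    if not pairs:
        # No usable metadata: the resource loads unchecked, so a
        # mistyped attribute silently removes the protection.
        return True
    strongest = max(_STRENGTH[alg] for alg, _ in pairs)
    for alg, expected in pairs:
        if _STRENGTH[alg] != strongest:
            continue  # weaker hashes are ignored when a stronger one exists
        actual = base64.b64encode(hashlib.new(alg, body).digest()).decode("ascii")
        if actual == expected:
            return True
    return False


if __name__ == "__main__":
    attr = sri_value(TAG)
    print(attr, verify(TAG, attr), verify(TAMPERED, attr))
```

Because an attribute with no supported token passes every body, a deployment check should confirm that `parse_integrity` returns at least one pair for the published tag.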
User Management enables you to assign roles to your team members. These roles define what your team members are authorized to do on your account.
IP Restriction enables you to restrict the IP addresses that can access Insider’s panel (InOne). You can configure IP addresses to prevent or limit access to specific users or agents.
Like to know more?
Contact the Insider security team: firstname.lastname@example.org