Malware_hero_image_1
    Security

    Security at Guardsquare

    Guardsquare is committed to safeguarding your data. We implement a multi-layered defense strategy and conform to enterprise-grade best practices to ensure the utmost security for our customers.

    Data privacy

    Guardsquare takes privacy seriously, and we work to minimize the data that needs to be collected in using our products while also handling any data we do collect responsibly and securely.

    Our mobile application protection software (DexGuard and iXGuard) are designed to require only basic personal information of a registered user in order to access and download our software. Guardsquare does not require you to provide a copy of your application source code or binary in order to apply our protections, as all protection and processing of your application is done locally in your development environment. DexGuard and iXGuard offer two modes of operation: a guided configuration, which collects basic metadata about your application during profiling in order to safely apply our security protection features, and a manual configuration, which requires no data sharing with Guardsquare.

    Guardsquare offers additional optional SaaS products such as AppSweep and ThreatCast, which do process or collect further information about your application during analysis or at runtime. All data collected is strictly required to deliver the service and is processed under your direction in accordance with our Data Processing Agreement.

    In addition to our products, Guardsquare may collect personal data directly from you during your interactions with our company. Any such circumstances and how we handle your data is detailed in our Privacy Policy.

    Security standards

    Guardsquare conforms to the internationally recognized CIS Critical Security Controls framework to protect its systems and data from cyberattacks. This framework provides a comprehensive approach to security, focusing on the most effective actions to prevent, detect, and respond to threats.

    ciscontrols-1

    Product security

    Hosting and security: Guardsquare SaaS products are hosted on Google Cloud Platform (GCP), leveraging Google's secure data centers. We operate under a shared responsibility model, with GCP's security, privacy, and compliance independently verified and certified.

    Vulnerability management: Our GCP infrastructure undergoes continuous vulnerability scanning to identify and address risks like unpatched software, misconfigurations, and potential malware. This proactive approach helps us maintain the security of our SaaS services.

    Thorough testing: Our Engineering teams follow a rigorous software development lifecycle. All changes undergo comprehensive testing, including source code reviews, security assessments, functional and performance testing, typically by an independent reviewer. Separate environments for development and testing ensure production safety.
    Data protection: For SaaS products, customer data is encrypted both in transit and at rest using AES256 encryption. Data is transferred over TLS (v1.2+) connections.
    Encryption key handling: GCP manages encryption keys for data in transit and at rest using envelope encryption and its internal key management service.

    Data separation: Guardsquare products are built on multi-tenant infrastructures, with strict coding standards and unique customer identifiers ensuring logical separation of customer data.

    Internal reviews: Security design reviews and peer code reviews are conducted for all product features. Annual penetration tests and release reviews address any security vulnerabilities.

    External audits: Third-party firms perform annual penetration tests to identify and mitigate potential vulnerabilities in Guardsquare applications and infrastructure.

    Production infrastructure: We use GCP's Cloud Snapshots for backup, with snapshots stored in a separate EU region for disaster recovery. Database backups occur daily and are retained for seven days, and storage snapshots are distributed across multiple zones for resilience.

    Development infrastructure: Development infrastructure is backed up locally and offsite, with varying retention schedules. Critical services are backed up daily and retained for five weeks, while other backups are kept for three weeks. Restoration tests are conducted biannually.

    Access reviews: Quarterly access reviews on in-scope systems ensure only authorized personnel have access. These reviews complement our automated controls, with governance led by our Chief Information Officer.

    Change management: Our Systems Change Management Policy standardizes how changes to production environments are handled, minimizing the risk of unauthorized modifications.

    Employee responsibilities: All employees must review the Acceptable Use Policy (AUP) and sign a confidentiality and non-disclosure agreement (NDA) to protect proprietary and customer information.

    Training and awareness: New hires complete general security training in their first week, and all employees participate in monthly micro-trainings and periodic phishing simulations to maintain high security awareness. All developers are required to undergo ad-hoc application security training using vendor-supplied resources.

    Security incident management: Guardsquare has a detailed incident management process for detecting and responding to, mitigating, and recovering from security incidents. Incidents can be reported to security@guardsquare.com. Our plan includes defining roles, communication channels, and incident response playbooks.

    Physical & data center security

    Guardsquare SaaS products are hosted on Google Cloud Platform (GCP), leveraging Google's secure data centers located in the European Union (EU). We operate under a shared responsibility model, with GCP's security, privacy, and compliance independently verified and certified.

    Their data centers are certified to ISO 27001, ISO 27017, and ISO 27018 standards and are regularly subjected to SOC 2 Type II audits.

    aicpa-large