6/3/2023 0 Comments Data guardian squarespaceSquarespace analyzes identified or potential threats to Squarespace and its customers, and takes reasonable actions where necessary. In the event of an issue related to the security of the Squarespace platform, the Squarespace security team follows a formal incident response process. Regular pen testing is performed on the Squarespace platform by Squarespace’s security team as well as a third party, the results of which are analyzed and remediated (as appropriate) by our engineering and security teams.Ĭustomers are provided the ability to customize website permissioning. Squarespace utilizes Web Application Firewall (WAF) technology. Two-factor authentication (2FA) is available on Squarespace member accounts for an added layer of security. Squarespace hashes passwords for user accounts. Squarespace offers HSTS (HTTP Strict Transport Security) which encrypts the content served during sessions and only allows Squarespace customer websites to be accessed via HTTPS. Squarespace leverages SSL certificates to encrypt data in-transit between website end users and customer domains. Results of testing are leveraged to improve plans where necessary. Squarespace has business continuity disaster recovery plans which are tested periodically. Squarespace has dedicated teams located in multiple geographies to support our platform and supporting infrastructure. Squarespace has implemented solutions designed to protect against and mitigate effects of DDoS attacks. Squarespace leverages geographically separate data centers and cloud service provider availability zones to facilitate infrastructure and service availability and continuity. Our data center and cloud service providers utilize an array of security equipment, techniques, and procedures designed to control, monitor, and record access to the facilities. Squarespace leverages leading data center and cloud service providers to house our physical and cloud infrastructure. Provide security awareness training to Squarespace employees and provide mechanisms for employees to reach directly out to the security team with questions.ĭata Center, Cloud Providers, and Business Continuity/Disaster Recovery Leverage industry security and compliance frameworks where relevant and applicable. Implement measures designed to manage risks and potential impacts to an acceptable level. Manage security utilizing a risk based approach. Perform threat modeling exercises when building new or materially modifying existing systems, components, and platforms to confirm proper protection and handling of data. Periodically perform internal Red Teaming operations, to confirm control effectiveness and identify areas for improvement. Support secure infrastructure, platform, and feature development. Leverage security to facilitate confidentiality, integrity, and availability of data and assets.Īnalyze identified or potential threats to Squarespace and its customers and provide reasonable remediation recommendations.Īctively monitor Squarespace environments and utilize the intelligence gathered to continuously improve our security program. The Squarespace security team is responsible for developing, implementing and maintaining an information security program that reflects the following:Īlign security activities with Squarespace’s strategies and support Squarespace’s objectives. Squarespace implements and maintains technical and organizational security measures to protect company and customer assets and data. Squarespace has a dedicated security team that guides the implementation of controls, processes, and procedures governing the security of Squarespace and its customers. Capitalized terms that are not defined in these Security Measures have the meanings set forth in the Terms of Service or the Data Processing Addendum.
0 Comments
Leave a Reply. |