Security Training
CLO-SET requires all engineers to participate in security training operated by the government at least once a year.
QA
CLO-SET's Quality Assurance (QA) department reviews and tests the codebase. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Separate Environments
Testing and staging environments are physically separated from the Production environment. No actual Service Data is used in the development or test environments.
Third-Party Penetration Tests
Every year, CLO-SET employs third-party security experts to perform a broad penetration test.
On-site Security
Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor.
Location
CLO-SET leverages Azure data centers in the United States, Europe, and Asia Pacific. Customers can choose the hosting location of the service data.
Learn more about our regional data hosting options.
Monitoring
All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by CLO-SET staff. Physical security, power, and internet connectivity are monitored by Azure.
Facility
CLO-SET hosts service data in Azure data centers certified for ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC 2 compliance. Azure data centers use climate control to monitor and maintain optimized conditioned spaces for staff, equipment, and hardware.
DDoS Mitigation
CLO-SET has architected a multi-layer approach to DDoS mitigation. Its core technology partnership with Cloudflare provides network edge defenses. In addition, Azure scaling and protection tools, together with Azure DDoS-specific services, provide deeper protection.
Logical Access
Access to the CLO-SET Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Security Team. Employees must use multiple factors of authentication when accessing the CLO-SET Production Network.
Security Incident Response
In the case of a system alert, CLO-SET escalates events to its security team that covers operations, network engineering, and security. CLO-SET employees are well trained in security incident response processes, including communication channels and escalation paths.
Encryption
CLO-SET encrypts all communications on the platform via industry best practices such as HTTPS and Transport Layer Security (TLS) 1.2 over public networks. Customers of CLO-SET benefit from the protections of encryption at rest for their data. Service Data (DB and Files) is encrypted at rest in Azure using AES-256 encryption.
Protection
The CLO-SET network is protected through the use of key Azure security services, integration with Cloudflare edge protection networks, regular audits, and network intelligence technologies that monitor and/or block malicious traffic and network attacks. Learn more about Cloudflare CDN security.
SSO (Single Sign-on)
SSO allows clients to authenticate users in their systems without requiring additional login credentials. CLO-SET supports Active Directory, Okta, and Google OAuth.
API Security & Authentication
CLO-SET API is TLS-only. Clients can authorize against the API using a username and API token.
Role-based Access Control
Role-Based Access Control (RBAC) defines granular access privileges and governs access to data within CLO-SET. CLO-SET has various permission levels for users (Company admin, Brand admin, Company collaborator, Brand collaborator, Editor, Viewer, etc.).
Transmission Security
Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. CLO-SET encrypts all communications with its UI and API using industry-standard HTTPS/TLS over public networks, which ensures the security of all traffic in transit between clients and CLO-SET.