Proactively Protect with Enhanced Security Services

Enhanced Security Services enables our customers to stay ahead of the complex threat landscape, detect breaches within 24 hours, and provide unmatched visibility into their security posture.

By Sonia Sidhpura, Michael Tan, Bryn Saunders

At Segment, Security is a part of our lifeblood. As the industry-leading Customer Data Platform (CDP), we take responsibility in helping you manage your customer data. We want you to have confidence in how your customer data is collected, transported, and stored. Today, our Standard Services upholds industry-accepted security practices, protecting your data at rest and in transit. Segment maintains full-coverage ISO 27001 and SOC 2 Type 2 attestations covering all five Trust Services Criteria - Security, Availability, Processing, Integrity, Confidentiality, and Privacy - on an annual basis, along with annual application pentests.  

We continue to invest in security programs designed to protect customer data. Today, we’re excited to launch Enhanced Security Services! Enhanced Security Services enables our customers to stay ahead of the complex threat landscape, detect breaches within 24 hours, and provide unmatched visibility into their security posture.

With this additional peace of mind, customers benefit from: 

  • A 24-hour Incident Response Service Level Agreement notification on confirmed incidents

  • Advanced, custom alerting, unique to your workspace(s)

  • Routine, proactive health checks that include security-control audits 

  • An allowance of Security hours per year

  • On-site and/or extended customer-audit support 

  • Annual penetration-testing support

What’s included in Enhanced Security?

Our Enhanced Security service includes 24/7 incidence response, Workspace Security Report, Audit and Penetration test Support, and Concierge Services.

  • 24/7 Incidence Response: Within 24 hours of sending a Security Incident Notification, Segment will describe the mitigation steps taken and any compensating controls that the customer must take. Support will be provided 24/7.

  • Penetration Testing Support: Customers may request a penetration test once during each 12-month period.

  • Audit Support: Segment will provide customers with completion of one security questionnaire to confirm compliance with the DPA, allow customers to inspect relevant policies, standards and work papers in accordance with Segment’s security program, as well as Segment’s most recent SOC and ISO certifications/attestations.

  • Concierge Service: This will include a monthly call to review and discuss matters identified within the Custom Workspace Security Report with a member of the Segment Enhanced Security Services Support Team.

  • Workspace Security Report: Personalized, automated security-health check and routine workspace audit report, sent to your company’s Security point of contact, regarding:

    • Alerting on domains/users that are impersonating your brand for malicious purposes.

    • Alerting on customer workspace data leakages (e.g. customer destination resources like a database URI is identified in locations where they shouldn’t be, such as public source code repositories)

Enhanced Security Services image
Enhanced Security Services image
How does Enhanced Security Services differ from Segment’s Standard Security? 

Enhanced Security Services are services that are separate and distinct from the Segment platform. As a reminder, Segment is secure and private by default. This is why:

  • We have an ISO 27001-based security program, which means we are continuously evaluating, refining, and augmenting our security offerings.

  • We have SOC 2 Type II report that covers all of the SOC 2 Trust Services Criteria (TSC): Security, Availability, Confidentiality, Processing Integrity, and Privacy. Many companies have a SOC 2 report, but most don’t have all five TSCs. This means we've exceeded a standard of SOC 2 security attestation.

  • We use Amazon Web Services for our datacenter, which means our customers benefit from AWS’s comprehensive security practices and compliance certifications. 

  • We believe that Security is everyone’s responsibility and that Security extends beyond just technology and processes. That’s why we have a Bug Bounty program and are committed to leveraging the expertise of security researchers that are willing to go above and beyond traditional security assessments in order to ensure the confidentiality, integrity, and availability of our products.

Next Steps:

To learn more about our Enhanced Security Services, talk to an expert. Learn more about Security by heading over to Security. New to Segment? Sign up for a demo to learn how Segment can help you better understand your customers and engage with them effectively.

The state of personalization 2023

The State of Personalization 2023

Our annual look at how attitudes, preferences, and experiences with personalization have evolved over the past year.

Recommended articles

Loading

Want to keep updated on Segment launches, events, and updates?