Aiven Security

We care about your data. Aiven provides fully managed security for all our services so that our customers can keep their data secure and stay compliant.

Business continuity

Do you have a business continuity plan in place? Aiven provides 99.99% SLA backed by a 24/7 support and engineering team to make sure that your mission-critical workloads are always up and running. We support Multi-Cloud (AWS, Google Cloud, Azure and others) and multi-AZ deployments, with built-in backup and automatic failover.


Use case

Disaster recovery strategies to handle partial or complete regional outages.


Technical feature

  • Dedicated VM’s per customer, no multi-tenancy
  • Multi-Cloud, Multi-Zone deployment
  • Automatic failover

Secure access

Security starts with the right level of access. Aiven provides secure single sign-on to all your environments with SAML integration, regardless of where you run your workloads. All data is fully encrypted end-to-end at rest and in transit. We also work with bugcrowd for active whitehat hacker bug bounty programs.


Use case

Dedicated VPC Peering on Aiven Cloud to provide fine grained network access control.


Technical feature

  • At-rest and in-transit encryption
  • SSO/SAML integration
  • VPC Peering
  • BYOC Deployment
  • PrivateLink for AWS and Azure

Compliance

Our services are ISO 27000-series, GDPR, CCPA, HIPAA and PCI-DSS compliant. We also provide ISAE 3000/SOC2 Type II reports. We continually and actively expand our compliance coverage against the most important global standards.


Use case

Protecting customer’s data privacy is the core tenant of Aiven. We meet the most stringent industry security standards and regulations.


Technical feature

  • ISAE 3000, ISO27K, GDPR, CCPA, HIPAA and PCI DSS
  • Automated security update
  • Annual Security Testing

Compliance & Privacy

Compliant since: 2018

ISO/IEC 27001:2013

Certificate no. FI240523-151

Published by the International Organization for Standardization and the International Electrotechnical Commission, ISO/IEC 27001 is the standard for Information Security Management Systems (ISMS).

Compliant since: 2022

ISO/IEC 27017:2015

Certificate no. FI240523-151

As part of the ISO/IEC 27000 family, ISO/IEC 27017 is the security standard for cloud services.

Compliant since: 2022

ISO/IEC 27018:2019

Certificate no. FI240523-151

ISO/IEC 27018 is the standard for protection of personally identifiable information (PII) in the public clouds.

Compliant since: 2022

ISO/IEC 27701:2019

Certificate no. FI240523-152

ISO/IEC 27701 is the standard for Privacy Information Management Systems (PIMS).

Compliant since: 2019

ISAE 3000 Type 2

The ISAE 3000 Type 2 report provides information and assurance on the security and reliability of Aiven's services. The document is aligned with AICPA SOC2 Trust Services Criteria. Download the summary report or full report through our Whistic Profile (requires registration).

Compliant since: 2020

PCI DSS

Contact sales for more information on PCI-DSS

Payment Card Industry Data Security Standard is a standard for secure handling of credit card information.

Compliant since: 2018

HIPAA

Contact sales for HIPAA BAA

Health Insurance Portability and Accountability Act regulates the protection of sensitive patient health information in the US.

Compliant since: 2017

GDPR

Contact sales for GDPR DPA

The General Data Protection Regulation regulates data protection and privacy of individuals in the EU and European Economic Area.

Compliant since: 2020

CCPA

Contact sales for CCPA DPA

The California Consumer Privacy Act regulates privacy of consumers in California.

Security is everything. We know that.

Dedicated virtual machines

Some cloud vendors use multi-tenant virtual machines to reduce costs. Aiven delivers all Aiven software on dedicated virtual machines for the best security for every customer.

Encryption for Data in transit and at rest

We enforce Transport Layer Security (TLS) encryption for connections used in transferring data and encrypt it when it is on the disk.

Complete network security

All Aiven nodes are behind a firewall. You can specify the IP addresses that your users are permitted to connect from.

We offer BYOC (Bring your own cloud) in our cloud services.

Automated security updates

Aiven automatically installs all security updates to make sure that your software is kept current.

Annual security testing

Aiven does an annual externally conducted security evaluation for all our managed cloud services and runs a continuous public bug bounty program.

Our Internal Security Operations team also conducts periodic security assessments.

Need more details?

Get more details on security topics such as access control, encryption, network security, and others by reading our cloud security overview.

Have a question about compliance, privacy, or security?

Leave us a message and we will get back to you.

Contact us