Qualy is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data, we are focused on keeping you and your data safe. Qualy undergoes periodic penetration testing, is designed to be GDPR-compliant, and encrypts data at rest and in-transit. Our customers entrust sensitive data to our care. Keeping customer data safe is our priority.
Qualy utilizes a Software-as-a-Service (SaaS) model in which security is a shared responsibility among Google Cloud, Qualy, and our customers. Qualy leverages Google Cloud as our cloud infrastructure provider to deliver a service that is highly available, scalable, and secure. Google Cloud is responsible for physical facilities, hardware, networking, and virtualization platform security. Qualy is responsible for, but is not limited to, customer data encryption, application-level security, security event logging and monitoring, and service uptime monitoring.
Customers are responsible for using the Qualy service appropriately and configuring its security features. Examples of customer responsibilities include providing complete and accurate information to Qualy, ensuring the security of devices used to access the service, setting up user authentication appropriately, managing access to the service and accounts shared with users, reporting security issues to Qualy, data security, and managing the security of any other applications or integrations used in customer environment including third party apps and plugins installed in their organization.
Qualy uses Google Cloud for secure and resilient hosting of staging and production environments. Qualy leverages multiple availability zones to redundantly store customer data. Google Cloud data centers are monitored by 24×7 security, biometric scanning, video surveillance and are continuously certified across a variety of global security and compliance frameworks.
Your connection is protected before it even reaches our servers. Here's how we do it:
Utilizing DNSSEC, we employ cryptographic signatures to guarantee that when you navigate to qualyhq.com, you're securely connected to Qualy, not a deceptive website. We also use DKIM/SPF policies to prevent email spoofing.
Your communication with our servers is encrypted to prevent any interception or data snooping. Regardless of device or connection, rest assured your data remains protected. We use HSTS to ensure that your browser only connects to Qualy over HTTPS and we also enforce end-to-end TLS 1.2+ encryption.
Shielding your account from automated login attempts, we implement robust measures to ensure both security and speed. Our authentication system is powered by Google.
Our vigilant, adaptive firewall is primed to block any unsolicited traffic or malicious payloads, ensuring constant protection against potential vulnerabilities.