Security is part of our code.
Software that works perfectly is software that’s secured properly. So, from start to finish, product to practice, we ensure we meet your security needs and provide you with transparency into everything we do.
Data security controls
Your data is secured end-to-end
Created with a secure software development lifecycle (SDLC), independently audited and pen-tested, with very strong security by default.
Non-privileged monitoring agents
Install monitoring agents (OneAgent) without the need for root permissions.
Automatic signature verification
Ensures integrity of Dynatrace components.
Enterprise-grade single sign-on integration options for SAML 2.0, OpenID or LDAP.
Dynatrace SaaS uses TLS 1.2+ (SSL Labs Grade A+) to encrypt all data in transit between OneAgent, ActiveGate and Dynatrace Cluster. Dynatrace uses AES-256 encryption and key management for stored data.
Secure Dynatrace tenants
Your Dynatrace tenant features additional security measures beyond the security offered by the cloud providers (AWS, Azure, GCP) and your secure Dynatrace cluster.
All data at rest is encrypted using AES-256 encryption.
API access management
Secure and highly configurable API access tokens. Automatic scans and notifications for leaked tokens.
Each access is logged, time-stamped, and made available to you in an automated way via our REST API.
All authorized Dynatrace employees are bound by strict confidentiality agreements.
Data backups and disaster recovery
Every 24 hours, Dynatrace SaaS performs data backups that include the data captured for at least the last 30 days. The maximum recovery point objective (RPO) for a full cluster is 24 hours. The recovery time objective (RTO) is up to 24 hours, depending on the size of the cluster.
The credential vault is a centralized repository where you securely store and manage your credentials.
Business continuity and high availability
Dynatrace SaaS uses a clustered architecture, multiple availability zones (data centers), and automatic fail-over mechanisms to ensure availability.
Business practices & organizational security controls
We’ve built resiliency and failover into our solutions, infrastructure, and business systems, and our cloud orientation and global operational model help us limit vulnerability to regional power or internet outages.
We utilize an extensive vendor management evaluation process to evaluate the cyber risk of all our vendors. Vendors are evaluated prior to onboarding, and reviewed on a periodic basis or whenever there’s a significant change in their cyber risk rating.
Employee security awareness
All Dynatrace employees and contractors must complete a Security Awareness Training course at their time of hire as well as on a yearly basis, covering topics like ransomware, social media, credential management, impersonation attacks, data handling, fraud, phishing, and identity theft. Additionally, employees may undergo training focused on the nature of their job or role.
Application security & secure development controls
Security starts in the requirements and design phase. That’s where our security architects help analyze potential attack vectors using threat modeling techniques before the actual implementation starts.
Internal and external penetration testing
We have an internal team of certified penetration testers who regularly test new and existing features. Extensive external application security penetration tests with independent security firms are performed annually.
Vulnerability scanning is performed regularly using static code analysis, dynamic runtime scans, network scans, third party component scans, and cloud security posture scans.
Bug bounty on HackerOne
We run a private bug bounty program on the HackerOne platform that offers monetary rewards to ethical hackers for successfully discovering and reporting a vulnerability or bug.