Security is part of our code

Security is
part of our code.

Software that works perfectly is software that’s secured properly. So, from start to finish, product to practices, we build the strongest possible security and controls into everything we do.

Explore how or get in touch to learn more.

Contact us

Compliance & certifications


We adhere to industry best practices, and partner with top security organizations to meet their strict compliance standards, and our own.

Product security & compliance features


From where it’s deployed to how it’s accessed (and by whom), our platform is designed with your security needs in mind.

Deployment
Deployment

Deployment options
Choose your preferred deployment option: SaaS / Managed (on-premises) / FedRAMP

Learn more:    Deployment models    |    What is Dynatrace

Non-privileged monitoring agents
Install monitoring agents (OneAgent) without the need for root permissions

Learn more:    OneAgent Linux    |    OneAgent Windows
Authentication
Authentication

Single sign-on
Enterprise-grade single sign-on integration options for SAML 2.0, OpenID or LDAP

Learn more
Authorization
Authorization

Flexible access & permission management
Manage users, groups, and permissions locally or via LDAP, OpenID, SAML, or SCIM.

Learn more

Data segregation
Segregate data using Dynatrace Management Zones.

Learn more
Auditing
Auditing

Audit logs
Access audit logs via the Dynatrace API.

Learn more
Privacy
Privacy

Data masking
We protect personal data using masking capabilities.

Learn more

Customer personal data
We process customer personal data according to customer instructions, including customer configuration of Dynatrace, and in accordance with the Data Processing Agreement.

Learn more

Third-party assessments
Where we use third parties to process customer personal data, those third parties are thoroughly assessed and bound to strict contractual terms regarding customer personal data.

Learn more

Security controls & data protection


Keeping your data and that of your customers secure and private is our top priority, mainly because it’s yours, too.

Business practices & organizational security controls


Business continuity
We’ve built resiliency and failover into our solutions, infrastructure, and business systems, and our cloud orientation and global operational model help us limit vulnerability to regions’ power or internet outages.

Vendor management
We utilize an extensive vendor management evaluation process to evaluate the cyber risk of all our vendors. Vendors are evaluated prior to onboarding, or integrated on a periodic bases or whenever there’s a significant change in their cyber risk rating.

Employee security awareness
All Dynatrace employees and contractors must complete a Security Awareness Training course at their time of hire as well as on a yearly basis, covering topics like Ransomware, Social Media, Credential management, Impersonation Attack, Data handling, Fraud, Phishing, Identity Theft, etc. Additionally, employees may undergo training focused around the nature of their job or role.

Business practices & organizational security controls

Data protection & secure operation controls


Highly secure data centers
We use highly secure AWS data centers and follow industry standards for encrypting data in transit and data at rest.

High availability architecture
We use a clustered architecture which offers high availability, automated fail-over, and backups for disaster recovery and business continuity.

24/7 incident response
Performance, availability and security events are constantly monitored, and alerts are sent to a 24/7 incident response team.

Learn more

Data protection & secure operation controls

Application security & secure development controls


Threat modelling
Security starts in the requirements and design phase. That’s were our security architects help analyze potential attack vectors using threat modelling techniques before the actual implementation starts.

Internal and external penetration testing
We have an internal team of certified penetration testers who regularly test new and existing features. Extensive external application security penetration tests with independent security firms are performed annually.

Vulnerability scanning
Vulnerability scanning is performed regularly using static code analysis, dynamic runtime scans, network scans, third party component scans, and cloud security posture scans.

Bug bounty on Hacker One
We run a private bug bounty program on the Hacker One platform.

Learn more

Application security & secure development controls