Security is
part of our code.
Software that works perfectly is software that’s secured properly. So, from start to finish, product to practices, we build the strongest possible security and controls into everything we do.
Explore how or get in touch to learn more.
Compliance & certifications
We adhere to industry best practices, and partner with top security organizations to meet their strict compliance standards, and our own.
Product security & compliance features
From where it’s deployed to how it’s accessed (and by whom), our platform is designed with your security needs in mind.
Deployment
️
Deployment options
Choose your preferred deployment option: SaaS / Managed (on-premises) / FedRAMP
Non-privileged monitoring agents
Install monitoring agents (OneAgent) without the need for root permissions
Authentication
️
Single sign-on
Enterprise-grade single sign-on integration options for SAML 2.0, OpenID or LDAP
Authorization
️
Flexible access & permission management
Manage users, groups, and permissions locally or via LDAP, OpenID, SAML, or SCIM.
Data segregation
Segregate data using Dynatrace Management Zones.
Privacy
️
Data masking
We protect personal data using masking capabilities.
Customer personal data
We process customer personal data according to customer instructions, including customer configuration of Dynatrace, and in accordance with the Data Processing Agreement.
Third-party assessments
Where we use third parties to process customer personal data, those third parties are thoroughly assessed and bound to strict contractual terms regarding customer personal data.
Security controls & data protection
Keeping your data and that of your customers secure and private is our top priority, mainly because it’s yours, too.
Business practices & organizational security controls
Business continuity
We’ve built resiliency and failover into our solutions, infrastructure, and business systems, and our cloud orientation and global operational model help us limit vulnerability to regions’ power or internet outages.
Vendor management
We utilize an extensive vendor management evaluation process to evaluate the cyber risk of all our vendors. Vendors are evaluated prior to onboarding, or integrated on a periodic bases or whenever there’s a significant change in their cyber risk rating.
Employee security awareness
All Dynatrace employees and contractors must complete a Security Awareness Training course at their time of hire as well as on a yearly basis, covering topics like Ransomware, Social Media, Credential management, Impersonation Attack, Data handling, Fraud, Phishing, Identity Theft, etc. Additionally, employees may undergo training focused around the nature of their job or role.
Data protection & secure operation controls
Highly secure data centers
We use highly secure AWS data centers and follow industry standards for encrypting data in transit and data at rest.
High availability architecture
We use a clustered architecture which offers high availability, automated fail-over, and backups for disaster recovery and business continuity.
24/7 incident response
Performance, availability and security events are constantly monitored, and alerts are sent to a 24/7 incident response team.
Application security & secure development controls
Threat modelling
Security starts in the requirements and design phase. That’s were our security architects help analyze potential attack vectors using threat modelling techniques before the actual implementation starts.
Internal and external penetration testing
We have an internal team of certified penetration testers who regularly test new and existing features. Extensive external application security penetration tests with independent security firms are performed annually.
Vulnerability scanning
Vulnerability scanning is performed regularly using static code analysis, dynamic runtime scans, network scans, third party component scans, and cloud security posture scans.
Bug bounty on Hacker One
We run a private bug bounty program on the Hacker One platform.
