Cheetah Digital is committed to ensuring the security, availability, and confidentiality of the information entrusted to it by its customers, stakeholders including management, staff, investors, shareholders, and other business partners.
Cheetah's security posture in a nutshell:
Cheetah Digital's SaaS solutions leverage technical and organizational measures aligned to ISO 27001/2 standards and implemented using security and data protection industry best practices.
Our production systems utilize key compliance controls and objectives to cover a range of data security, confidentiality, and availability controls, tested against multiple security and information systems management standards.
Our Global Security Policy & Standards is comprehensive and authorizes individual supplementary policies covering topics such as business continuity, risk management, systems acceptable use, and data retention among other governance areas.
As part of the management of the policies, a senior-management forum reviews and approves all new policies and changes to existing policies.
Current security reports, certificates and related supporting handouts are available under NDA through your Customer Success Manager.
Standards, certifications and related compliance
Cheetah Digital maintains a comprehensive information security program that contains safeguards appropriate to the sensitivity of the information. Such safeguards are designed to:
Ensure the security and confidentiality of client and customer information
Protect against any anticipated threats or hazards to the security of information
Protect against unauthorized access or use of information that could result in harm to any client or customer
Global security & privacy team
We have a dedicated internal team responsible for the management of information security and privacy compliance throughout the organization. The team constantly monitors our environment for vulnerabilities, performs tests and audits, and works cross-functionally to guide the development and implementation of information security, data privacy and risk management requirements. The team includes ISC2 and IAPP certified professionals.
Policies and standards
Cheetah developed a comprehensive set of security and data protection policies modeled after the International Organization for Standardization (ISO) 27001 standards. These policies are updated frequently and shared with all employees.
We perform background checks on all new employees in accordance with local laws.
Employees sign a confidentiality agreement outlining their responsibility in protecting customer data, and all employees are required to adhere to Cheetah's ethical conduct and acceptable use policies as a condition of employment.
New hires learn about Cheetah Digital's tools, products and policies, and all employees complete security and privacy awareness training annually.
We maintain a comprehensive errors and omissions policy with cyber coverage to address security and data privacy incidents.
We implement the latest measures to restrict electronic access to our production environment, and in turn our Customers' data. Single Sign-On (SSO) with Multi-Factor Authentication (MFA) allows us to authenticate access to our production environment in a layered and auditable way.
Our solutions support SAML SSO with 2-Factor Authentication (2FA), and Customers can set granular role-based permissions for their account users.
We enforce password complexity and user lifecycle standards which Customers can further customize to meet their needs. All credentials are encrypted.
Login sessions and data at rest are encrypted using industry-standard 256-bit algorithms with strong cipher suites. We hash user account passwords, encrypt files exchanged through our platforms, and secure our APIs and application endpoints using TLS 1.2 following OWASP and OpenSSL best practices.
Network and application security
Data hosting and storage
Our production systems are hosted in Tier-3 co-located data centers and with cloud hosting providers who maintain multiple ISO 27001 and SOC 2 certified physical and environmental controls. Further, production facilities and offices are secured by keycard access and biometrics, and are monitored with cameras throughout. We review our facility providers and physical security measures at least annually.
Our office network is segmented and segregated from our production network. In turn, our customers are geographically and/or logically segregated, or are hosted within dedicated single-tenant environments.
Continuity and recovery
Cheetah Digital’s infrastructure is designed to be highly resilient across our co-location data center facilities, and across multiple AWS availability zones. Our backup solutions are layered and tested to ensure key systems are available, and to mitigate the risk of data loss.
Logging and monitoring
Our production and corporate systems are monitored using enterprise-class infrastructure, security tools, and managed services. Audit trails are aggregated, processed and stored using an industry-leading SIEM and forensic log vault solution.
We use enterprise-class, best-of-breed scanning tools to scan for internal and external vulnerabilities, both continuously and manually. Each year we also engage a third-party security firm to perform detailed penetration tests on our applications and infrastructure. Our dedicated security team responds to issues raised and works collaboratively with technical teams to address findings.
We implement a risk-based incident management process to respond to security events. Protocols include an escalation plan based on the nature and severity of the event, event tracking requirements, mitigation pathways, and Customer notification requirements.
If you have questions or feedback, please contact your Cheetah Digital representative or reach out to us at email@example.com