Security at Addigy

Our customers rely on Addigy to manage and secure devices and the data inside them. To protect our customer’s environments, Addigy utilizes the best infrastructure, protected by top Security experts.

Security Portal

If you are interested in reviewing Addigy Security, please navigate to the Addigy Security Portal available at https://security.addigy.com

Certifications & Compliance

The Addigy MSA and DPA are supported by the people, processes, and technology necessary for the protection of customer personal data in compliance with legal and contractual obligations for regulations such as SOC and GDPR. The key activities implemented for privacy regulations are listed below.

Review our GDPR Data Protection Agreement

  • Established and maintained registers of customer personal data collection and processing activities
  • Completed privacy risk assessment to support customer data protection impact assessments
  • SOC 2 Type I, II, and III Attestation Reports available to support processing activities for protection of customer personal data
  • Established Data Processing Agreement
  • Updated and reviewed the Addigy Privacy Policy, and procedures for compliance with privacy laws, regulations and principles
  • Provided MSA and DPA upon request from [email protected] to support customer compliance
  • Provided awareness sessions with customer-facing staff on their roles and responsibilities for compliance
  • Updated company-wide security awareness materials to include new customer personal data protection and privacy practices
  • Established and assigned data protection roles and responsibilities
  • Established [email protected] for data subjects to submit requests
  • Established a privacy-by-design methodology
  • Established Addigy Status Page and Addigy Releases Page for the full visibility and communications
  • Implemented new features to support data subject requests from customers exercising their rights to erasure and data portability
  • Established and maintained registers of customer personal data collection and processing activities
  • Completed privacy risk assessment to support customer data protection impact assessments
  • SOC 2 Type I, II, and III Attestation Reports available to support processing activities for protection of customer personal data
  • Established Data Processing Agreement
  • Updated and reviewed the Addigy Privacy Policy, and procedures for compliance with privacy laws, regulations and principles
  • Provided MSA and DPA upon request from [email protected] to support customer compliance
  • Provided awareness sessions with customer-facing staff on their roles and responsibilities for compliance
  • Updated company-wide security awareness materials to include new customer personal data protection and privacy practices
  • Established and assigned data protection roles and responsibilities
  • Established [email protected] for data subjects to submit requests
  • Established a privacy-by-design methodology
  • Established Addigy Status Page and Addigy Releases Page for the full visibility and communications
  • Implemented new features to support data subject requests from customers exercising their rights to erasure and data portability
  1. What personal data is processed by Addigy? Addigy processes the following types of personal data:
    • Addigy Agent Data (Device Information such as MAC Address, Device Name, IP address).
    • User information (IP address, user activity, helpdesk tickets, satisfaction data)
    • Read more about the data gathered
  2. What categories of individuals (e.g. data subjects) does the personal data come from?
    • Addigy processes limited personal data from customer devices and accounts to provide basic functionality of the product.
  3. Where does Addigy store customer personal data?
    • All customer personal data is stored by Addigy on Amazon Web Services (AWS) and Google Cloud Platform (GCP) using data centers located in the United States of America. Addigy maintains Privacy Shield certifications to provide an adequate level of protection for data transfers from the EU.
    • If you have any questions, please contact your Account Executive, Customer Success Manager, or email [email protected].
  4. How do I obtain a Data Processing Addendum?
    Read the Addigy DPA. Send questions to [email protected].
  5. Do you have additional GDPR information?
    Yes, read the EU Protection Agreement

Platform Security

Addigy’s security model is an end-to-end process, spanning application, authentication, storage, and the services that power our software.

Authentication

  • Users passwords are encrypted with the strongest encryption methods available.
  • Addigy supports and includes as part of the Addigy Service multiple Multi-factor Authentication methods, SAML 2.0 Support, and OAuth 2.0 Support for enhanced user security.

Audit Logs

  • Addigy logs the relevant activity into a system that is immutable, time synced, and accessible by account admins. Event logs are fully exportable via API or can easily be searched through via the application.
  • The event logs contain: Addigy user activities, the application affected by event, status of event (success/failed), event type, timestamp, and a brief description.

Hosting Security

Addigy is built and hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP) platform along with Stripe. For more information regarding AWS and GCP Security, please view Amazon and Google’s own Security and Privacy Documentation:

Role-based Privileges

  • Role-Based Privileges enable admins to limit the permissions of some users within a team, including Help Desk, HR, or Security.
  • Privileges are built on a multi-tiered and multi-tenant system and include functionality to limit users to create, read, edit, or delete actions across the application.

Secure Internet Connectivity (HTTPS)

  • All of the Addigy application’s externally-facing services use HTTPS to ensure encryption in transit of all customer information.
  • The Addigy application uses Transport Layer Security (TLS) version 1.2 or higher to protect HTTPS communications.

Corporate Security

  • A dedicated security team, including a senior officer in the company, is chartered with ensuring the security, confidentiality, and integrity of company and customer data. Our security team performs engineering tests and educational campaigns to mitigate attacks and develop a security mindset as part of the culture of the company.
  • We actively reduce the attack surface by limiting the number of personnel with access to production, auto locking employees computers after a short period of inactivity, and utilizing commercial tools to provide a multi-layered defense.

Vulnerability Disclosure

  • Responsible Disclosure Program
  • If you think you’ve found a security vulnerability that affects Addigy, please use the submission form available in the link above.

Security Features for Your Endpoint Devices

We take the security of your Apple devices very seriously, and there are several tools available in Addigy to help you do just that. Here are just a few, and of course all of these can be configured at the policy level to help make sure you haven’t left any devices out.

Firewall

Enable a firewall on any machine in your portfolio, or add it to a policy to enable on a large group of machines with a few mouse clicks.

Website Blocking

Protect your network and your end-users’ data from phishing and other malware sites.

FileVault

Enable and manage a remote Mac’s FileVault with Addigy’s FileVault-Manager tool. Even pushing FileVault keys up from the device to the Addigy account.

GateKeeper

Ensure that all of your Macs can only install apps from the Mac App Store or from certified developers.

Password Policy

Enforce light or strict password policies easily, including password complexity, length, expiration, and lockout techniques.

Catalog Security Software

Industry-leading security apps, like WebRoot, AntiMalware, and MBBR by MalwareBytes are readily available to distribute across your fleet.

ScreenSaver Password

Manage settings to require password immediately after screensaver is initiated.

Support Team available

Our team is available to immediately respond to any malicious attacks on our platform to protect our customers’ data.

Ready to see more?

Sign up for a personalized one-on-one demo or request a trial today.