Cerkl Enterprise Security

Security

Best-in-class enterprise security.


GDPR / CCPA

We’re ready to have your employee data requested, deleted, or not collected at all, and work with your privacy policies.

Google Partner

As a Google Cloud Partner, we take security seriously, beating industry, international and data privacy standards.

Single Sign-On

Integrate Broadcast with your existing SAML 2.0 identity provider to ensure secure access to your team.

Encryption

All information is encrypted and secured via 256-bit AES both in transit and at rest.

Full Life Cycle Security

Broadcast runs on Google Cloud, the industry’s most secure cloud provider. We take security so seriously, we’ve been given Google Cloud Partner status. Why did we pick Google? Google Cloud offers a global-scale technical infrastructure designed to provide security through the entire information processing lifecycle. This infrastructure provides secure deployment of services, secure storage of data with end user privacy safeguards, secure communications between services, secure and private communication with customers over the internet, and safe operation by administrators.

Cerkl SOC2 Seal

In addition to the security provided through being in the Google Cloud, Cerkl has also received a SOC2 attestation (available upon request). SOC2 is an independent audit performed by a third party evaluating a company across these 5 areas:

1. Security

The security principle refers to protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of software, and improper alteration or disclosure of information.

IT security tools such as network and web application firewalls (WAFs), two-factor authentication and intrusion detection are useful in preventing security breaches that can lead to unauthorized access of systems and data.

2. Availability

The availability principle refers to the accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA). As such, the minimum acceptable performance level for system availability is set by both parties.

This principle does not address system functionality and usability, but does involve security-related criteria that may affect availability. Monitoring network performance and availability, site failover and security incident handling are critical in this context.

3. Processing integrity

The processing integrity principle addresses whether or not a system achieves its purpose (i.e., delivers the right data at the right price at the right time). Accordingly, data processing must be complete, valid, accurate, timely and authorized.

However, processing integrity does not necessarily imply data integrity. If data contains errors prior to being input into the system, detecting them is not usually the responsibility of the processing entity. Monitoring of data processing, coupled with quality assurance procedures, can help ensure processing integrity.

4. Confidentiality

Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations. Examples may include data intended only for company personnel, as well as business plans, intellectual property, internal price lists and other types of sensitive financial information.

Encryption is an important control for protecting confidentiality during transmission. Network and application firewalls, together with rigorous access controls, can be used to safeguard information being processed or stored on computer systems.

5. Privacy

The privacy principle addresses the system’s collection, use, retention, disclosure and disposal of personal information in conformity with an organization’s privacy notice, as well as with criteria set forth in the AICPA’s generally accepted privacy principles (GAPP).

Personally identifiable information (PII) refers to details that can distinguish an individual (e.g., name, address, Social Security number). Some personal data related to health, race, sexuality and religion is also considered sensitive and generally requires an extra level of protection. Controls must be put in place to protect all PII from unauthorized access.

Progressive Security

The security of Google Cloud’s infrastructure is designed in progressive layers starting from the physical security of data centers, continuing on to the security of the hardware and software that underlie the infrastructure, and finally, the technical constraints and processes in place to support operational security.

Application Security

Integrate Broadcast with your existing SAML 2.0 identity provider to ensure secure access to your team. With just a few pieces of information, Broadcast can be set up to support any of the following Identity Providers: SAML, Okta, Azure AD, Microsoft AD FS, OneLogin, Google GSuite, Ping Identity, and many more.

Content Security

Network Access

Broadcast doesn’t ever need to come inside your network. Internal content, like the information posted on your intranet, is pushed to us via our REST API using 256-bit advanced encryption. You are in complete control of what content is sent to Cerkl.

Broadcast CMS

Content posted directly through the Broadcast CMS is only accessible through SSO for your employees.

External/Public Content

With public content, like your external blogs or YouTube channel, everything is handled the same, except that Cerkl automatically crawls to grab that content instead of it being pushed to us via secure API.

Content Storage

All content from all sources is stored on our Google Cloud instance with server-side encryption.

Email Security

Each customer is given a dedicated IP address. No other customer can send via your IP address. In addition, your IP address will be white labeled using DNS entries we’ll provide to your IT team to ensure that emails coming in are authorized/approved to be sent from your domain.

Web and Intranet Security

Web personalization can be added to any website (either internal or external). Once added, the plugin (or SharePoint webpart) calls our personalization server via SSL to request personalized content recommendations for the visiting user as determined via SSO or Intranet user object.