Security Overview

Where does Kentico Cloud store your data?

Kentico Cloud stores the data on Azure storage located in the West US data center. Data is replicated across multiple data centers. To make the structured content and digital assets readily available anywhere in the world, Kentico Cloud uses a global Content Delivery Network (CDN).

Does Kentico Cloud provide any backups? For how long are backups stored?

Yes. The data is backed up daily and stored for 14 days. 

Does Kentico Cloud secure the payment process? Do you follow PCI compliance?

Kentico Cloud uses FastSpring as a payment provider. FastSpring addresses all PCI compliance issues and securely processes sensitive data. All FastSpring stores are PCI compliant and adhere to PCI DSS regulations.

Does Kentico Cloud encrypt the data?

By default, all data is encrypted.

Is secure development training required for Kentico Cloud developers?

Yes. All development team members must attend unique security training focused on writing secure code, doing security code review, and performing security testing.

Do you perform secure code reviews, static code analysis, dynamic scans, penetration tests?

We regularly do code review as well as website security scans. Security review is performed:

  • manually, by our security team
  • automatically, using a web application security scanner to ensure Kentico Cloud is free of any security vulnerabilities

Both security reviews cover the most frequently occurring vulnerabilities, as listed in the OWASP Top 10.

Is a vulnerability management program in place?

Any new vulnerability is inspected by our teams and security expert, and any threats found are fixed within a few hours or days, depending on the severity.

Kentico Cloud SDLC in the Agile Methodology

The main motivation for adapting the SDL for Agile for Kentico Cloud is to increase the security of the developed product. This usually means reducing both the number and the severity of security flaws. Privacy issues are also important and are handled in the SDL for Agile process.

Kentico Cloud Security Review

Security review provides an overview of the security measures taken by Kentico Cloud to protect content and user data hosted on our platform from unauthorized access. Kentico Cloud security is based on OWASP security review standards. If you are interested in more details about Kentico Cloud security, you can download the full OWASP security report.


Report a Security Issue

We appreciate your effort

We recognize how important it is to help protect your privacy and security. As a company, we have a vested interest in maintaining the trust you place in us and our products.

Report a security issue

If you believe you’ve found a security vulnerability in Kentico Cloud, we encourage you to let us know right away by emailing security@kentico.com (optionally using our PGP key). We request that you do not publicly disclose the issue until we have had a chance to address it. We will not pursue legal action as long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability.

Responsible disclosure

Responsible disclosure is the industry best practice, and we recommend it as a procedure to anyone researching security vulnerabilities. It allows individuals to notify companies of any security threats before going public with the information. This gives software vendors such as us a chance to resolve the problem before the criminally minded become aware of it.

We will not disclose security issues until our internal investigation is finished, but we will work with you to ensure we fully understand the issue. Once the issue is resolved, we will let you know, with a “thank you” and credit for the discovery. We ask for your patience while we make sure all users of our products are protected.