Skuid Security Overview
Skuid highly values its Customer and Partner relationships and the trust they have placed in Skuid to access their data. Skuid partners with world-class cloud and technology providers and utilizes industry leading technology in the development of its products and services. In addition, Skuid and its partners have implemented a variety of policies, processes, controls and certifications to provide proper security and protection of Customer data. The sections below provide an overview of the security related aspects of the Skuid Platform and Skuid Salesforce offerings:
Skuid managed cloud
The Skuid Platform is a user experience platform that runs on the Amazon Web Services (AWS) cloud computing platform allowing Skuid Customers to access data from data stores managed by the Customer and/or their Partners (e.g., Microsoft, SAP, Salesforce). This arrangement is referred to as a shared Security Model where AWS, Skuid and Skuid Customers have specific responsibilities with respect to the security of the overall application.
Key points regarding Skuid’s security profile with respect to the Skuid Platform offering are listed below:
Privacy Policy
EU-U.S. and Swiss-U.S. Privacy Shield self-certification
Information Security Policy
Data Security Incident Management Policy
Information Classification Policy
SOC 2 Type 2 compliant
Background Checks performed on all employees
All employees attend Security Awareness training
Wholedisk encrypton of employee laptops
Encryption of data in transit using a browser is performed via HTTPS/TLS
Data (user credentials) are encrypted at rest
Data backups are encrypted
Infrastructure configuration scans are performed on a recurring basis
Dynamic Web Application Scans of are performed with each release
Static code scans are performed on all code commits
Intrusion Detection System (IDS) capabilities are utilized on the infrastructure to provide real-time monitoring of all network traffic
Highly available / redundant architecture with multiple availability zones per region
More detailed information regarding the security profile of AWS can be found here: https://aws.amazon.com/security/
Skuid managed package
Skuid Salesforce is a Salesforce managed package that runs on the Salesforce platform. As such, Skuid is dependent on Salesforce to provide the hosting, operational, availability, and security infrastructure. As a Salesforce managed package, Skuid adheres to the associated Salesforce security requirements for any managed application on the Salesforce platform.
Key points regarding Skuid’s security profile with respect to the Skuid Salesforce offering are listed below:
Privacy Policy
EU-U.S. and Swiss-U.S. Privacy Shield self-certification
Information Security Policy
Data Security Incident Management Policy
Information Classification Policy
SOC 2 Type 2 compliant
Background Checks performed on all employees
All employees attend Security Awareness training
Wholedisk encrypton of employee laptops
Encryption of data in transit using a browser is performed via HTTPS/TLS
Enforcement of the Salesforce security model is performed server-side by Apex on every transaction that involves queries or DML operations
User account data is stored in Salesforce’s protected custom setting records and username and password values are encrypted at rest
Skuid supports both Salesforce Classic Encryption and Shield Platform Encryption for data at rest
Force.com Checkmarx scans are performed on each release
Static code scans are performed on all code commits
More detailed information regarding the security profile of Salesforce can be found here: https://trust.salesforce.com/en/
Vulnerability Reporting
Skuid, Inc. (Skuid) highly values its Customer and Partner relationships and the trust they have placed in Skuid to access their data. Security is of utmost importance to Skuid and we encourage responsible reporting of any vulnerabilities that may be found in our offerings. Skuid and its Partners are committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us.
If you suspect any security related issues, please contact us at infosec@skuid.com. If desired, you may use the following PGP key for additional security in your communication. The fingerprint is:
69DE D191 318D 5D3C A62E BFB2 E78A B975 DBE1 BFF2
—–BEGIN PGP PUBLIC KEY BLOCK—–
mQINBFbi9gsBEADCsbg6jox0JxKj+1vajHi5+rnMqU+MuGHEv05rXKesw9S7WI+17yAly4g1TtOybyjRna2t4FgSLTCqWiF+ALlqHHqovmpgo8d6sr2hilugfKRzA3/VAGfSm0c8pdXpmNx7phoX2jnDHzKauc0O3vpXAogqK5JQDMMPqzJ72C21Ku7mUFc+1CtDJHRml8Yana53RYfofEo85ND+PsPZ13iKkgZRRav2vKOZZxezi94awdcFXauGfuDXS1bZLdJ/C34cq8kGK0IuhgFet6dKQC92pn1Rgx5f+PsmQv5hllrVIVa1QSwEQmFlVSL3ZJCK5vL8mmEcXBThyVVxssF0YUhql/ZroNuuF6JkCPTcj7Aot4KiVlLvSSd7tdynIaoe2bolD8s3xGnIDWBnxavpsS9YZM946vVy2JRjm05CHawjLHa05f6av2u8n+rVFCYFVp5APmEV2aqLzgIFsoE94YSAk7vERiJDxPG/7r0JRrVw5ldbqKOLYV6S212P0oZOyQN1sd+tZbVw5qoYvxr08DCqPFBKco96oElNSs4yKK8PH6/n8yp9lV6YIkbYzt86vvirUvPScZiQfFNhhVKbdpZkEPwkRsRXy6VVbWgUoCr/kw36DElZPHEU/i72yt4DuD22/O60S7IXHXELe12OvOwg5ixcPmL+cWA3ycBhqoj+PQARAQABtCZTa3VpZCBTZWN1cml0eSA8c2VjdXJpdHlAc2t1aWRpZnkuY29tPokBIgQTAQoADAUCVuL8TgWDB4YfgAAKCRDV7GJ9nc5f68ovB/wJwfiRHOXPxD3c9KqxlclaezlDNcbrKRZgbW7MGANJjKLOCDprdkcGadeaaaTChceznXyP70lmn07DEkTgqgeo3O6F1Imk6HYGLyggp2Cg/yhtPrI056qtTgflUXY1dFBVMxO0dnxVOSMF3FRsUzjsj0JPFdfixg2aoySnUVzLsfmeGuZisCEi0BWsfRuW0hsLWL1vT5/M0N/LZZOkZJ+RLpNc6QJTl/3QeQ8vXHwkTvlw5v+udQjbGR24Yla+HUUyiP96YimsPrWEHM2rlWHGGcCOYUcdRNdezyRFXUTQYdSg0Tl7TA4hR3Fn3+x38lLAcoGeAPfLHFVlEnAg3xeDiQI9BBMBCgAnBQJW4vYLAhsDBQkHhh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEOeKuXXb4b/yMdoQAKOiQjy7ZxarXwd8R5URu4QV8K9DtGstDAwCkoKu63XK7V2yz3vZlmwbD5R0Zz0wQSiFHPuAU0cHVQslRiRlShJKi/bUQ1sr0ynVSpME66R1KZ948Q8H1wD4pvFT/LEnqktMdkrkYswb02Te7cHx0OtenVFiD80ZHWyA4LAfxUbH4Md1Xc3Lepx8YAVytj3pAroFEnsJNkQ5Txx+/VbKP4TqnEyy7yB9FbXhb5MhKP+BLLsQIpg2lJYsTwhuKbV40X+rd5Coe7ZFwiVQR/OwXTP1bESssYQI999UvTDf4NPb5vBp80bbQ3j6dI6VwdctbQn3qBDlJ9uYUjcTZSfYF9Mk/D0ETa3RbH5TfWUnfABGUiW5Qzl03SI5lpGFlMx8Wb4EyY4x4aS0en8GCtm9AKv+upxD5VTXeC/qBIGboSCETp3tepeQsnQ9vByLKDIwh4fO3WDtir6mVD6QbBxyN+xZz+Ya+bJ1qigZbZIh52SdqgceKulWmtwMwUsUKZvO/f4FWBOnpAaMhQOwQRo8lVS4Voc/Inne6qjPMxDmvCscF1mzqvr6Ss7y/jr0dWRBlOL10ly4Z6hJgM6dcFnGAeD42oBNSqW8DS7Te3QrEAHQX+LuEbyqQ7JdDtW0ipidK+qslzWJyHNTINgTldAjuSaqmGW4qT5ymyPcFwznh04wuQINBFbi9gsBEACvCeSm808rYMV+88zPz5JJnFxA0ZT4fOuJXI5/KefCXke2lG9ikbcgaLCh4PXy+1WlLMJmbZwIpcu2XjEGWKnYa7RENodcnZ6pbTXyAhXi8dLhPXM2bANEsexeruIdWQI9X2DT6LUFfqRv0RG6gwc7p9lcNDHgqSL5ZWbIC5tsEIC+Q1d0WVFCzyUFNSRm4eAlV40uQGaqeNpwq2phSHQnBbRq0wle3WTQvWjdNjMlti1B2n55fGfO6IzCxp4j5QSCBUInRegmxlwG8S2gOo2DIDVKhf2xlzVkqRuc43ZvE8GhDoSLaDqAks3IHGAS5/lnkZ3hZZcNaBfIZ18KRA9LWYkAdSDOcgNxCfMk4D0zGl8sdKwFH32JiekXfwZhWa3gKFy+SamBzId+hZcLptJFPf1j3yzWlU6DMxokU/InGQGf5jDVznPAwHy1u7PyTe6G+ZR+DgGQZ1C7pyCpWtYDjXD3UVkiFcX4YRiY2cL5PYjmLDKcNdRkJ+qzxMo4hOgUFr2uHdMleGkCawImyeUulEjZDSUqId65BpkQThjPqeRW9q3S0z0qJTe0Iv2ANuZyi4ESHZNsW6BD+MTrZYMQJsfn3uvJJQeT//X6FAWb0aC2w+wEaROL+xejkmH3GWCObzZ033uiOKwMIfIEQAtzomh/Qtq8Gk+n2InFlxEbnQARAQABiQIlBBgBCgAPBQJW4vYLAhsMBQkHhh+AAAoJEOeKuXXb4b/ykccP/3Fwp0OMlRAs8UqV2RngxVK8QIBCrc02gs8V25lqPz8R1BIupy2Y7rVpEhl4m3vPRDzsWMG07MNkOkcpScyQd07VZCOKvsM81xXls19nSCuVRJonYLltbIPPbHbujVQrW+ySB16lcSrxoQwnoE2tJLCC9XCLs8XxxCmbnCo6AVzctFEQYrNrjVsXIlAd02eHegylRKztpVGisOyJsuJyG3SOF7ut1TJf9+7ZsKXShdujCSRJ+uyh7rduhQK+cl/iWN/RsIvJuVWV/tIeTIt5BK+7gDU2pfcdVIWAIPjzDa7xf/6GL7+14miXYC55aZ3jFm/dQn6ik6nBN+Ja2hv5i8V9YJy9RuCnFKa5omgjqEnZUip/MjEvgvRYoEBvUCcM8ECntSbk5ih8t0PoidEa/jozUtv9RY+Pu7R7SR3l3HM6FKKDamlulo1VKxYU8bw/XKFk0d1TanxpqD6MPlJkc1+9jbM4w4NEJ06y9QQYjS9RAh+hWn8QKZwWdFk8qXOfKcm8SRW6GZqEsiAITtcHGjQgGRjokv+htB2/O8Dyw+3Q4bfwPCKlicrDmx1u108O4yeCF9bsSlaG089MF4+tkBYPYy3VmI1BySJHCH6R3suUuxhNA23gDTRuQ60KBNH/rtAYjQ5W8KIZDp0BPi+beoHRftOITMNtBp9vWl93GBQk=q39P
—–END PGP PUBLIC KEY BLOCK—–