Enterprise-grade security at Dynamic Yield

We believe trust is earned, which is why we’ve built a robust security program to safeguard your most valuable assets.

A dedicated security team

We brought together some of the most experienced professionals in the space to design, develop, and deploy architectures, policies, and procedures rooted in safety and trust.

Led and managed by a Chief Information Security Officer (CISO)

Includes DevSecOps, GRC, application, and infrastructure experts

Partners with trusted
third-party security vendors

Side-by-side collaboration with
our Data Privacy Officer (DPO)

Embedded security champions
within R&D teams

“You want to use the Dynamic Yield platform to grow your business, and it’s our business to ensure the right technology, processes, and practices are in place so you can do that securely, without even having to think about it.”

Ilan Kaplan Chief Information Security Officer (CISO), Dynamic Yield

A responsibility that extends across the org

We prioritize proper education for all employees, from the time they begin their career with Dynamic Yield through their full tenure with the company.

Training & awareness

Our talent is trained and briefed on the contractual obligations taken on by the company as it relates to the data security of clients and periodically receives security awareness training.

Communication & education

All employees are contacted on a regular basis for the expansion of company-wide knowledge on topics such as phishing campaigns, emerging threats, and other industry-related security topics.

Additional in-house security measures

Workstation protection

Anti-malware and antivirus protection is installed and monitored on all laptops to maintain compliance with security standards.

Vulnerability management

Security tools detect and mitigate any operating system (OS) or application vulnerabilities and threats within the Dynamic Yield ecosystem.

Third-party security

Outside vendors are certified and undergo annual reviews to validate ongoing compliance with our security standards.

Security assessments

We use rotating third parties to perform penetration testing and verify there are no exploitable vulnerabilities in our systems on a regular basis.

Cloud security

Our production environment is hosted by Amazon Web Services (AWS) – known for the highest standards in security.

Defense layers

FireWall, VPN, segregation, threat and traffic detections, and more are in place to secure our network, application, and entire architecture.

ISO 27001

Leveraging our world-class security program, we were awarded certifications such as ISO/IEC 27000-series, ensuring information assets such as financial info, intellectual property, and employee details, are safe and secure.

How we’ve secured Experience OS

From comprehensive authentication and authorization measures to safe code development, trusted cloud security, and more, enterprise brands can use our operating system with confidence.

Multi-factor authentication

Only users that present two or more methods of authentication are allowed to log in to Experience OS.

Password management

All account passwords must fulfill minimum requirements, which are salted during the hashing process and never stored in cleartext.

Account lockout

Multiple unsuccessful login attempts result in a locked account, with password re-entry required upon time-out.

Role-based access controls

Access to Experience OS is granted under strict procedures and is regularly monitored and audited.

Secured customer data

Data is stored separately, with unique Personal Data encryption keys, and only accessed for the purpose of content delivery.

Data segregation

Our cloud infrastructure is broken into separate services and regions, with load balancers for uninterrupted, continuous operation.

Encryption in transit

Our web servers support strong encryption protocols such as TLS 1.2 to secure data in transit and via API connections.

Encryption at rest

Personal data is stored in encrypted RDS, with a stronger encryption algorithm (RSA 4096 key) and tightly managed access.

Data upload protection

Multiple measures are implemented to scan and test any data that is uploaded into Experience OS.

Additional layers of product security

A continuously monitored
environment

Our system and application development life cycle follows industry-standards for security such as Open Web Application Security Project (OWASP) recommendations. In addition, all R&D team members go through extensive training in application security and are deeply committed to secure code development practices.

A tight development
lifecycle

We utilize a wide range of tools to monitor our environment across data centers, both on the server and application level. Security and application logs are distributed into our main logging aggregation server and are continuously reviewed for anomalies by a 24×7 Network Operations Center (NOC) as well as our security team.

Disaster recovery and
business continuity

Our system’s production environment is hosted by Amazon Web Services (AWS), which provides the highest resiliency and availability commitment. In addition to Dynamic Yield’s information being stored in multiple geographic regions and availability zones, we have established a meticulous playbook that enables us to remain operational in the event of most failure modes, including natural disasters or system failures.

We’re here to answer your questions

“If you want to know more about Dynamic Yield’s security framework or any of the measures outlined on this page, please don’t hesitate to contact us at dy-security@dynamicyield.com.”

The Dynamic Yield Security Team