We brought together some of the most experienced professionals in the space to design, develop, and deploy architectures, policies, and procedures rooted in safety and trust.
Led and managed by a Chief Information Security Officer (CISO)
Includes DevSecOps, GRC, application, and infrastructure experts
Partners with trusted
third-party security vendors
Side-by-side collaboration with
our Data Privacy Officer (DPO)
Embedded security champions
within R&D teams
“You want to use the Dynamic Yield platform to grow your business, and it’s our business to ensure the right technology, processes, and practices are in place so you can do that securely, without even having to think about it.”
We prioritize proper education for all employees, from the time they begin their career with Dynamic Yield through their full tenure with the company.
Our talent is trained and briefed on the contractual obligations taken on by the company as it relates to the data security of clients and periodically receives security awareness training.
All employees are contacted on a regular basis for the expansion of company-wide knowledge on topics such as phishing campaigns, emerging threats, and other industry-related security topics.
Anti-malware and antivirus protection is installed and monitored on all laptops to maintain compliance with security standards.
Security tools detect and mitigate any operating system (OS) or application vulnerabilities and threats within the Dynamic Yield ecosystem.
Outside vendors are certified and undergo annual reviews to validate ongoing compliance with our security standards.
We use rotating third parties to perform penetration testing and verify there are no exploitable vulnerabilities in our systems on a regular basis.
Our production environment is hosted by Amazon Web Services (AWS) – known for the highest standards in security.
FireWall, VPN, segregation, threat and traffic detections, and more are in place to secure our network, application, and entire architecture.
Leveraging our world-class security program, we were awarded certifications such as ISO/IEC 27000-series, ensuring information assets such as financial info, intellectual property, and employee details, are safe and secure.
Only users that present two or more methods of authentication are allowed to log in to Experience OS.
All account passwords must fulfill minimum requirements, which are salted during the hashing process and never stored in cleartext.
Multiple unsuccessful login attempts result in a locked account, with password re-entry required upon time-out.
Access to Experience OS is granted under strict procedures and is regularly monitored and audited.
Data is stored separately, with unique Personal Data encryption keys, and only accessed for the purpose of content delivery.
Our cloud infrastructure is broken into separate services and regions, with load balancers for uninterrupted, continuous operation.
Our web servers support strong encryption protocols such as TLS 1.2 to secure data in transit and via API connections.
Personal data is stored in encrypted RDS, with a stronger encryption algorithm (RSA 4096 key) and tightly managed access.
Multiple measures are implemented to scan and test any data that is uploaded into Experience OS.
We utilize a wide range of tools to monitor our environment across data centers, both on the server and application level. Security and application logs are distributed into our main logging aggregation server and are continuously reviewed for anomalies by a 24×7 Network Operations Center (NOC) as well as our security team.
The Dynamic Yield Security Team
