Security and privacy are part of the core foundations of the TackleBox platform. TackleBox helps customers find better ways to leverage data, and as a result, the protection of data is paramount. That means security is incorporated into every feature development of TackleBox. We hold TackleBox to the highest standards for privacy and security standards.
TackleBox employees a defense in depth strategy to protect data. This strategy makes use of multiple layers of security control to secure TackleBox data properly.
TackleBox is hosted in Microsoft Azure datacenters. Azure datacenters provide rigorous physical security controls. Azure is designed and managed to meet or exceed a broad set of international and industry-specific compliance standards, such as ISO 27001, FedRAMP, SOC 1, and SOC 2.
Azure designs, builds, and operates data centers in a way that tightly controls physical access to the areas where TackleBox data is stored. Azure datacenters have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the data center floor.
Protecting data is fundamental to TackleBox, and as a result, all available security controls are used to protect customer data.
TackleBox encrypts all customer data to ensure it is protected within the platform. Encryption ensures that customer data remains private and can not be tampered with. TackleBox’s encryption standard requires the following:
TackleBox maintains many procedures to ensure the protection of data. At the core of TackleBox, all customer data is protected with row-level access control lists to ensure granular security.
Separation of duty ensures that only the TackleBox DevOps team has access to production systems.
The internal TackleBox team audits security protections and monitors for security incidents using machine-learning behavior analysis
The TackleBox Software Development Lifecycle (SDLC) fully incorporates industry-standard security best practices. TackleBox’s AppSec program includes the following:
TackleBox is a native cloud application leveraging Microsoft’s Azure public cloud. Azure provides core security functionality for TackleBox. However, TackleBox performs cloud security posture monitoring to ensure all cloud components are correctly configured and free of vulnerabilities.
Remediating cloud vulnerabilities are treated with the highest priority by the TackleBox team.
TackleBox leverages federated authentication to allow users to access the application using their existing identity. The identity provider handles passwords and 2nd-factor authentication. TackleBox trusts the identity provider and grants appropriate access.
TackleBox follows the NIST Cybersecurity Framework for security management. The NIST CSF is used as a basis for TackleBox’s standards and guidelines. The Azure CIS benchmark is also used as a benchmark for cloud security.