Ambassador Security
At Ambassador, we prioritize security for all of our clients. We’re committed to investing in securing our user data and protecting customer information.
Security Compliance
Ambassador employs industry-standard practices to adhere to widely accepted security and privacy frameworks, assisting our customers in meeting their compliance requirements. We implement robust security measures and uphold policies and procedures to comply with necessary data security standards. Through our continuous improvement program, we consistently reassess and enhance our information security protocols.
Standards and Certifications
Ambassador holds SOC 2 Type II and PCI certifications. As a SaaS company, we diligently strive to meet optimal security standards to safeguard our customers against potential vulnerabilities. We undergo routine audits to maintain and update our SOC 2 Type II reports, ensuring the ongoing integrity of our certification.
Vulnerability Management Program
Data security is of utmost importance to Ambassador. In addition to periodic third-party penetration tests, we utilize a dynamic suite of vulnerability detection and mitigation tools to promptly and efficiently address new vulnerabilities.
-
Penetration Testing Program
Annually, Ambassador collaborates with leading external security consulting firms to conduct penetration testing on our product lines and infrastructure. Our security and development teams work closely with these partners to review findings and develop remediation plans. We perform follow-up testing to ensure the effectiveness of remediation activities and provide summary reports to our clients upon request.
-
Data Encryption
Annually, Ambassador collaborates with leading external security consulting firms to conduct penetration testing on our product lines and infrastructure. Our security and development teams work closely with these partners to review findings and develop remediation plans. We perform follow-up testing to ensure the effectiveness of remediation activities and provide summary reports to our clients upon request.
-
Security Monitoring and Accessibility
At Ambassador, we ensure robust security monitoring and accessibility to safeguard our systems and user data. Our dedicated security team employs advanced monitoring tools to continuously track system activity, detect potential threats, and respond to anomalies in real time. We prioritize accessibility by adhering to best practices that ensure our security measures are inclusive, allowing all users to interact with our platform securely. By integrating automated alerts, detailed logging, and regular system health checks, we maintain a proactive stance against vulnerabilities while ensuring that our security protocols do not hinder user accessibility, providing a seamless and protected experience for all clients.
-
Incident Response
Ambassador is committed to swift and effective incident response to minimize the impact of any security events. Our incident response program is built on a comprehensive framework that includes preparation, detection, containment, eradication, and recovery phases. In the event of a security incident, our dedicated response team quickly assesses the situation, isolates affected systems, and implements mitigation strategies to prevent further damage. We maintain transparent communication with our clients throughout the process, providing timely updates and detailed post-incident reports. By conducting thorough root cause analyses and applying lessons learned, we continuously strengthen our defenses to ensure resilience against future incidents.
Frequently Asked Questions
-
How can we contact Ambassador’s security team?
For security questions, you may contact your customer success manager or email security@getambassador.com
-
Where does Ambassador store customers’ data?
Ambassador’s data centers are hosted with Amazon Web Services data centers in the state of Virginia in the United States. Data backups are also preserved in a US-based distributed database in Google Cloud.
-
Does Ambassador have a backup data center?
Ambassador uses Amazon Web Services Relational Database Service for backups with multiple availability zones. Each Availability Zone has its own power, cooling, and network connectivity and thus forms an isolated failure domain. Additional backups are made to a Google Cloud environment that distributes multiple copies of data across the US, mitigating the already rare possibility of a complete loss of data in AWS.
-
How can I perform an in-depth assessment of Ambassador’s security?
Your customer success team can help you obtain access to Ambassador’s online Security and Compliance Kit. There you will be able to access Ambassador’s security resources.
Ambassador does permit certain customers (e.g. Enterprise customers) the ability to perform audits beyond an inspection of the reports, questionnaires, and other artifacts available in the kit.
-
Can clients perform penetration testing on your services?
Ambassador does permit eligible customers to perform penetration testing on our services. Ambassador operates a comprehensive penetration testing program. Ambassador’s penetration testing executive summary reports are available through your sales representative or the customer success team.
-
Does Ambassador have formally documented written security policies and procedures that are regularly reviewed?
Yes. Ambassador maintains a comprehensive set of security policies and procedures in accordance with SOC 2 Type II and PCI security frameworks.
-
Can we receive Ambassador’s SOC 2 Type II Report?
Due to the sensitive nature of the material contained in the report, and the copyright requirements of the assessing firm, we can only share our SOC 2 report with eligible customers. An MNDA must be executed before the report can be viewed. For more information, please contact your sales representative or our customer success team.
-
Does Ambassador have a Disaster Recovery and Business Continuity plan?
Yes. Ambassador maintains a Disaster Recovery and Business Continuity plan that supports a robust business continuity strategy for the production services and platforms.
-
Can clients obtain a copy of Ambassador’s security policies?
Yes. Ambassador can provide copies of our security policies to customers upon written request. Please note that a mutual non-disclosure agreement must be signed and in place in order to receive requested policies.
-
Can customers receive Ambassador’s full penetration tests and vulnerability scan reports?
Yes. Ambassador can provide copies of our penetration tests and vulnerability scan reports to eligible customers (e.g. Enterprise) upon written request. Please note that a mutual non-disclosure agreement must be signed and in place in order to receive the requested penetration testing report.
-
Can we receive Ambassador’s full penetration testing reports?
-
How do we report a suspected security incident?
Ambassador provides all clients with access to our support teams, which are available to assist in handling urgent matters.
-
Will Ambassador report to us about a security breach or service outage?
Ambassador will notify affected customers about a breach of security compromising customers’ data. Additionally, customers are able to subscribe to service updates at http://status.getambassador.com to learn about general service availability, maintenance operations, or general security issues.
Free resources, Straight to your inbox.
Sign up for our Ambassador newsletter and get notified when we publish new eBooks, case studies, blog posts and more. It's like a crash course in referral marketing - and it's free. Plus, we promise not to spam you.