Understand how we protect your data
The security, integrity, and availability of your data are our top priorities. We know how vital it is to your business success. To ensure you never have to worry, we use a multi-layered approach to protect and monitor all your information.
Customer Data Protection
Marketo's products are accessed over the Internet through secure, encrypted connections (TLS 1.0-1.2) using high-grade 2048-bit certificates.
- Each customer's data is stored in separate databases
- Individual user sessions are protected by unique session tokens and re-verification of each transaction
Marketo tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities.
- Marketo's SaaS services are based on proven and secure Open Source solutions and custom applications
- Applications and servers are regularly patched to provide ongoing protection from exploits
- Third-party assessments conducted regularly:
  - Application vulnerability threat assessments
  - Network vulnerability threat assessments
  - Selected penetration testing
- Every major SaaS software release is tested by QA and security teams for the full scope of OWASP security risks
Physical and Environmental Security
Our service is hosted in dedicated spaces at top-tier data centers. The datacenter provider maintains:
- Biometric scanning for controlled data center access
- Security camera monitoring at all data center locations
- 24x7 onsite staff provides additional protection against unauthorized entry
- Unmarked facilities to help maintain low profile
- Redundant HVAC (Heating Ventilation Air Conditioning) units which provide consistent temperature and humidity within the raised floor area
- Sensors to detect environmental hazards, including smoke detectors and floor water detectors
- Raised flooring to protect hardware and communications equipment from water damage
- Fire detection and suppression systems (dry-pipe, pre-action water-based)
- Redundant (N+1) UPS power subsystem with instantaneous failover
Network Access Controls
- Network access to and from Marketo DMZ is controlled by dedicated firewall and IPS devices
- Access to Marketo servers requires use of a VPN with multi-factor authentication and extensive access monitoring
- Distributed Denial of Service (DDoS) mitigation services are used to protect servers
- Information Security team (including datacenter security team) monitors internal and external security events and implements corrective actions
- Systems access logged and tracked for auditing purposes
- Application access logs are collected and analyzed according to internal security procedures
- Marketo has Privacy Shield certification
- Marketo is SOC2 certified
- Marketo is Skyhigh Enterprise-Ready certified by CSA
- Access to customer data restricted to authorized personnel only, according to documented processes
- Access to SaaS servers is limited, logged and tracked for auditing purposes
- All employees in engineering, operations, and technical services (including datacenter staff) undergo an extensive background check as a condition of employment
- Security policies include:
  - Customer Data Handling policy
  - Secure document-destruction policies for all sensitive information
- Marketo has dedicated IT security and privacy personnel
- All employees (including datacenter employees) are trained on information security and privacy procedures
Service Availability Controls
- Marketo load-balances at every tier in the infrastructure, from the network to the database servers. Application server clusters are enabled to ensure that servers can fail without interrupting the user experience. Database servers are clustered for failover.
- Our primary data backup strategy leverages the snapshot and data mirroring capabilities that our enterprise storage systems provide. To satisfy data privacy requirements, backups from any of our data centers are never sent out of the country. The integrity of local backups is tested monthly by restoring a complete database from a selected snapshot copy to test systems and verifying the data. The same is done for offsite backups at least quarterly.
- Every component in the SaaS infrastructure is redundant. There are at least two of each hardware component that processes the flow and storage of data. All network devices, including firewalls, load balancers, and switches, are fully redundant and highly available. High availability for Internet connectivity is ensured by multiple connections in each data center to different ISPs.