Gigya is now SAP Customer Data Cloud.

Data Security

Gigya is ISO 27001, 27018 and SOC 2-certified and is registered with IQNet. Gigya invests considerable resources to ensure that the assets our customers entrust to us are safeguarded at all times by employing industry best practices and consistently keeping our information identity management security system and security practices up to date with the latest and most stringent policies and regulations.

Gigya has published a very detailed Self-Assessment Report to the Cloud Security Alliance STAR program in order to allow our customers to review our compliance with current security and privacy best practices.

Physical Security

Physical security is maintained by SSAE16-certified Equinix IBX in our US data center, and stringently enforced in our Australian and European data centers. All data centers offer multiple physical security layers, including armed guards, advanced intrusion detection technologies and strict permission access protocols.

App Development Security

Security considerations play an integral role in every step of the product development process. During product specification, technical design, development and testing, security measures are continually tested, optimized and implemented. Gigya uses the OWASP Top 10 list as a high-level security guideline during development.

OWASP guidelines can be found here:

Security At Rest

Gigya implements ISO 27018:2014-certified measures to protect Personally Identifiable Information (PII) by transparently encrypting all PII and other sensitive data at rest by default using the AES-256 algorithm. Passwords are hashed using the NIST-approved PBKDF2 algorithm. In addition, to further protect access to the data, Gigya uses HMAC-SHA1 to digitally sign its requests and requires customers using the APIs to sign their requests to Gigya servers with the same algorithm. Alternatively, Gigya offers API access that is fully OAuth 2.0-compliant.

Access to information via Gigya’s Administration Console is also protected through a two-factor authentication process and a powerful roles and permissions architecture, providing site administrators granular control over what individual system users can see and do.

Security In Motion

Gigya uses a secure channel (TLS) when transferring sensitive data to and from its servers. In addition, REST API calls that perform critical operations, such as deleting users, are only permitted as server-to-server signed requests.
