Skuid Security Overview

Skuid highly values its Customer and Partner relationships and the trust they have placed in Skuid to access their data. Skuid partners with world-class cloud and technology providers and utilizes industry leading technology in the development of its products and services. In addition, Skuid and its partners have implemented a variety of policies, processes, controls and certifications to provide proper security and protection of Customer data. The sections below provide an overview of the security related aspects of the Skuid Platform and Skuid Salesforce offerings:

Skuid Platform

The Skuid Platform is a user experience platform that runs on the Amazon Web Services (AWS) cloud computing platform allowing Skuid Customers to access data from data stores managed by the Customer and/or their Partners (e.g., Microsoft, SAP, Salesforce). This arrangement is referred to as a shared Security Model where AWS, Skuid and Skuid Customers have specific responsibilities with respect to the security of the overall application.

Key points regarding Skuid’s security profile with respect to the Skuid Platform offering are listed below:

  • Privacy Policy
  • EU-U.S. and Swiss-U.S. Privacy Shield self-certification
  • Information Security Policy
  • Data Security Incident Management Policy
  • Information Classification Policy
  • SOC 1 Type 2 Audit Report targeted for 1H2018
  • Background Checks performed on all employees
  • All employees attend Security Awareness training
  • Wholedisk encrypton of employee laptops
  • Encryption of data in transit using a browser is performed via HTTPS/TLS
  • Data (user credentials) are encrypted at rest
  • Data backups are encrypted
  • Infrastructure configuration scans are performed on a recurring basis
  • Dynamic Web Application Scans of are performed with each release
  • Static code scans are performed on all code commits
  • Intrusion Detection System (IDS) capabilities are utilized on the infrastructure to provide real-time monitoring of all network traffic
  • Highly available / redundant architecture with multiple availability zones per region

More detailed information regarding the security profile of AWS can be found here: https://aws.amazon.com/security/

Skuid Salesforce

Skuid Salesforce is a Salesforce managed package that runs on the Salesforce platform. As such, Skuid is dependent on Salesforce to provide the hosting, operational, availability, and security infrastructure. As a Salesforce managed package, Skuid adheres to the associated Salesforce security requirements for any managed application on the Salesforce platform.

Key points regarding Skuid’s security profile with respect to the Skuid Salesforce offering are listed below:

  • Privacy Policy
  • EU-U.S. and Swiss-U.S. Privacy Shield self-certification
  • Information Security Policy
  • Data Security Incident Management Policy
  • Information Classification Policy
  • Background Checks performed on all employees
  • All employees attend Security Awareness training
  • Wholedisk encrypton of employee laptops
  • Encryption of data in transit using a browser is performed via HTTPS/TLS
  • Enforcement of the Salesforce security model is performed server-side by Apex on every transaction that involves queries or DML operations
  • User account data is stored in Salesforce’s protected custom setting records and username and password values are encrypted at rest
  • Skuid supports both Salesforce Classic Encryption and Shield Platform Encryption for data at rest
  • Force.com Checkmarx scans are performed on each release
  • Static code scans are performed on all code commits

More detailed information regarding the security profile of Salesforce can be found here: https://trust.salesforce.com/en/

Vulnerability Reporting

Skuid, Inc. (Skuid) highly values its Customer and Partner relationships and the trust they have placed in Skuid to access their data. Security is of utmost importance to Skuid and we encourage responsible reporting of any vulnerabilities that may be found in our offerings. Skuid and its Partners are committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us.

If you suspect any security related issues, please contact us at infosec@skuid.com. If desired, you may use the following PGP key for additional security in your communication. The fingerprint is:

69DE D191 318D 5D3C A62E  BFB2 E78A B975 DBE1 BFF2

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFbi9gsBEADCsbg6jox0JxKj+1vajHi5+rnMqU+MuGHEv05rXKesw9S7WI+17yAly4g1
TtOybyjRna2t4FgSLTCqWiF+ALlqHHqovmpgo8d6sr2hilugfKRzA3/VAGfSm0c8pdXpmNx7
phoX2jnDHzKauc0O3vpXAogqK5JQDMMPqzJ72C21Ku7mUFc+1CtDJHRml8Yana53RYfofEo8
5ND+PsPZ13iKkgZRRav2vKOZZxezi94awdcFXauGfuDXS1bZLdJ/C34cq8kGK0IuhgFet6dK
QC92pn1Rgx5f+PsmQv5hllrVIVa1QSwEQmFlVSL3ZJCK5vL8mmEcXBThyVVxssF0YUhql/Zr
oNuuF6JkCPTcj7Aot4KiVlLvSSd7tdynIaoe2bolD8s3xGnIDWBnxavpsS9YZM946vVy2JRj
m05CHawjLHa05f6av2u8n+rVFCYFVp5APmEV2aqLzgIFsoE94YSAk7vERiJDxPG/7r0JRrVw
5ldbqKOLYV6S212P0oZOyQN1sd+tZbVw5qoYvxr08DCqPFBKco96oElNSs4yKK8PH6/n8yp9
lV6YIkbYzt86vvirUvPScZiQfFNhhVKbdpZkEPwkRsRXy6VVbWgUoCr/kw36DElZPHEU/i72
yt4DuD22/O60S7IXHXELe12OvOwg5ixcPmL+cWA3ycBhqoj+PQARAQABtCZTa3VpZCBTZWN1
cml0eSA8c2VjdXJpdHlAc2t1aWRpZnkuY29tPokBIgQTAQoADAUCVuL8TgWDB4YfgAAKCRDV
7GJ9nc5f68ovB/wJwfiRHOXPxD3c9KqxlclaezlDNcbrKRZgbW7MGANJjKLOCDprdkcGadea
aaTChceznXyP70lmn07DEkTgqgeo3O6F1Imk6HYGLyggp2Cg/yhtPrI056qtTgflUXY1dFBV
MxO0dnxVOSMF3FRsUzjsj0JPFdfixg2aoySnUVzLsfmeGuZisCEi0BWsfRuW0hsLWL1vT5/M
0N/LZZOkZJ+RLpNc6QJTl/3QeQ8vXHwkTvlw5v+udQjbGR24Yla+HUUyiP96YimsPrWEHM2r
lWHGGcCOYUcdRNdezyRFXUTQYdSg0Tl7TA4hR3Fn3+x38lLAcoGeAPfLHFVlEnAg3xeDiQI9
BBMBCgAnBQJW4vYLAhsDBQkHhh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEOeKuXXb
4b/yMdoQAKOiQjy7ZxarXwd8R5URu4QV8K9DtGstDAwCkoKu63XK7V2yz3vZlmwbD5R0Zz0w
QSiFHPuAU0cHVQslRiRlShJKi/bUQ1sr0ynVSpME66R1KZ948Q8H1wD4pvFT/LEnqktMdkrk
Yswb02Te7cHx0OtenVFiD80ZHWyA4LAfxUbH4Md1Xc3Lepx8YAVytj3pAroFEnsJNkQ5Txx+
/VbKP4TqnEyy7yB9FbXhb5MhKP+BLLsQIpg2lJYsTwhuKbV40X+rd5Coe7ZFwiVQR/OwXTP1
bESssYQI999UvTDf4NPb5vBp80bbQ3j6dI6VwdctbQn3qBDlJ9uYUjcTZSfYF9Mk/D0ETa3R
bH5TfWUnfABGUiW5Qzl03SI5lpGFlMx8Wb4EyY4x4aS0en8GCtm9AKv+upxD5VTXeC/qBIGb
oSCETp3tepeQsnQ9vByLKDIwh4fO3WDtir6mVD6QbBxyN+xZz+Ya+bJ1qigZbZIh52Sdqgce
KulWmtwMwUsUKZvO/f4FWBOnpAaMhQOwQRo8lVS4Voc/Inne6qjPMxDmvCscF1mzqvr6Ss7y
/jr0dWRBlOL10ly4Z6hJgM6dcFnGAeD42oBNSqW8DS7Te3QrEAHQX+LuEbyqQ7JdDtW0ipid
K+qslzWJyHNTINgTldAjuSaqmGW4qT5ymyPcFwznh04wuQINBFbi9gsBEACvCeSm808rYMV+
88zPz5JJnFxA0ZT4fOuJXI5/KefCXke2lG9ikbcgaLCh4PXy+1WlLMJmbZwIpcu2XjEGWKnY
a7RENodcnZ6pbTXyAhXi8dLhPXM2bANEsexeruIdWQI9X2DT6LUFfqRv0RG6gwc7p9lcNDHg
qSL5ZWbIC5tsEIC+Q1d0WVFCzyUFNSRm4eAlV40uQGaqeNpwq2phSHQnBbRq0wle3WTQvWjd
NjMlti1B2n55fGfO6IzCxp4j5QSCBUInRegmxlwG8S2gOo2DIDVKhf2xlzVkqRuc43ZvE8Gh
DoSLaDqAks3IHGAS5/lnkZ3hZZcNaBfIZ18KRA9LWYkAdSDOcgNxCfMk4D0zGl8sdKwFH32J
iekXfwZhWa3gKFy+SamBzId+hZcLptJFPf1j3yzWlU6DMxokU/InGQGf5jDVznPAwHy1u7Py
Te6G+ZR+DgGQZ1C7pyCpWtYDjXD3UVkiFcX4YRiY2cL5PYjmLDKcNdRkJ+qzxMo4hOgUFr2u
HdMleGkCawImyeUulEjZDSUqId65BpkQThjPqeRW9q3S0z0qJTe0Iv2ANuZyi4ESHZNsW6BD
+MTrZYMQJsfn3uvJJQeT//X6FAWb0aC2w+wEaROL+xejkmH3GWCObzZ033uiOKwMIfIEQAtz
omh/Qtq8Gk+n2InFlxEbnQARAQABiQIlBBgBCgAPBQJW4vYLAhsMBQkHhh+AAAoJEOeKuXXb
4b/ykccP/3Fwp0OMlRAs8UqV2RngxVK8QIBCrc02gs8V25lqPz8R1BIupy2Y7rVpEhl4m3vP
RDzsWMG07MNkOkcpScyQd07VZCOKvsM81xXls19nSCuVRJonYLltbIPPbHbujVQrW+ySB16l
cSrxoQwnoE2tJLCC9XCLs8XxxCmbnCo6AVzctFEQYrNrjVsXIlAd02eHegylRKztpVGisOyJ
suJyG3SOF7ut1TJf9+7ZsKXShdujCSRJ+uyh7rduhQK+cl/iWN/RsIvJuVWV/tIeTIt5BK+7
gDU2pfcdVIWAIPjzDa7xf/6GL7+14miXYC55aZ3jFm/dQn6ik6nBN+Ja2hv5i8V9YJy9RuCn
FKa5omgjqEnZUip/MjEvgvRYoEBvUCcM8ECntSbk5ih8t0PoidEa/jozUtv9RY+Pu7R7SR3l
3HM6FKKDamlulo1VKxYU8bw/XKFk0d1TanxpqD6MPlJkc1+9jbM4w4NEJ06y9QQYjS9RAh+h
Wn8QKZwWdFk8qXOfKcm8SRW6GZqEsiAITtcHGjQgGRjokv+htB2/O8Dyw+3Q4bfwPCKlicrD
mx1u108O4yeCF9bsSlaG089MF4+tkBYPYy3VmI1BySJHCH6R3suUuxhNA23gDTRuQ60KBNH/
rtAYjQ5W8KIZDp0BPi+beoHRftOITMNtBp9vWl93GBQk
=q39P
-----END PGP PUBLIC KEY BLOCK-----