ISO 27001 Certified CMS
As an ISO 27001-certified CMS, Storyblok is one of the most secure, enterprise-grade CMSs available on the market. Storyblok is meticulously tested and monitored through best-in-breed security protocols.
Product operations
All data stored on Storyblok is hosted on Amazon AWS in Frankfurt, Germany with regular back ups, recovery tests and continuous automatic security tests through Detectify as well as regular penetrations tests to the entire system.
Security team
Regular vulnerability and penetration testing by Storyblok's security team and by leading third party security providers.
AWS environment
AWS environment safeguarded by WAF (web application firewall), AI-based intrusion detection via AWS Guard Duty and strong access control using certificate based authentication.
Continuous monitoring
Continuous monitoring and automatic scaling during high demand periods ensure consistently fast response times and service availability.
Software development
Storyblok incorporates industry leading security measures into every aspect of the software development life cycle (SDLC). This ensures that every line of code we produce follows the highest security standards from inception through to development, QA testing, and release.
- Strict adherence to OWASP secure coding best practices and guidelines.
- Dedicated security code reviews, continuous security training, and security testing.
- Automated vulnerability testing, scans, anomaly detection, and automated dependency updates.
Data privacy and protection
Our data privacy and protection protocols go well beyond compliance. For us data privacy is not just a checklist. It is one of our driving principles. Our desire to safeguard and protect this principle encompasses every aspect of our company - from software development to employee operations.
Data encryption
Data encryption (both in transit and at rest) employing key lengths and algorithms approved by industry leading standards.
Company-wide protocols
Company-wide protocols including strict access control, centralized endpoint management, mandatory security checks and regular security awareness training.
GDPR compliant
GDPR compliant data storage, management and data processing.
Security standards & certificates
ISO27001
Storyblok is ISO 27001 certified. This recognizes that all our products, operations, support processes and data storage protocols meet the highest international security standards.
OWASP code review
The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software.
GDPR
The General Data Protection Regulation (GDPR) is among the toughest privacy and security laws in the world. Storyblok is fully GDPR compliant.
WAF
A Web Application Firewall protects web applications by monitoring and filtering traffic.
AWS Guard Duty
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity.