Layer is committed to providing best-in-class security. Here are some of the precautions we take to ensure we protect our customers' data:
Data at rest - All datastores with customer data, including databases and Google Cloud Storage buckets, are encrypted at rest.
This means the data is encrypted even before it hits the database or the bucket, so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
Data in transit - Layer uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by Google Cloud Platform and deployed via Application Load Balancers.
Role based access - All data is segregated into workspaces, and access to data is managed by roles set by workspace admins. This ensures that only authorized users have access to data stored on our platform.
Layer is in the process of completing its SOC 2 Type I and Type II certifications. This ensures that our security follows best practices and is verified by independent auditors.
You can email us at [email protected] to get a copy of these certifications once they are ready.
We ask all researchers that find vulnerabilities with Layer's systems to email us at [email protected] with a detailed report of the vulnerability and steps to reproduce, and to hold off on publicly disclosing the vulnerability until we get a chance to respond to your email and remedy the vulnerability.