Data Security & Operating Environment
1. Availability and Reliability
Kintone utilizes Amazon Web Services (AWS) hosting infrastructure. Our services are geo-redundantly replicated across multiple availability zones for high availability and reliability.
The availability of the main functions of kintone.com can be confirmed on the Status Page (https://kintone.statuspage.io).
1.2 Operating Hours
Our platform operates 24 hours a day, 365 days a year (excluding pre-announced maintenance), with regular backup and redundancy built-in.
1.3 Scheduled Downtime
Sometimes we need to perform maintenance to keep kintone.com working smoothly. If scheduled downtime is necessary, we’ll give you at least 1 week's advance notice.
1.4 Support
1.4.1 Support Hours
Standard support hours are Monday through Friday, 9 am – 5:00 pm PST. A more detailed Support SLA can be found here.
1.4.2 Support Contact
Support phone number: 415-692-6546
Support e-mail: support@kintone.com
1.5 Data Backup
The most recent 14 days of data are stored for system recovery. Files uploaded to Kintone are not included in the daily backup; they rely instead on Amazon S3’s internal redundancy mechanism.
1.6 Data Deletion
All data stored within a customer account sub-domain shall be deleted upon the expiry of the retention period we separately determine.
2. Data encryption in transit and at rest
Customer data stored at kintone.com is encrypted using the encryption features of AWS services such as RDS, S3, and so on.
All data is encrypted as it moves between our servers and your web browser.
The Kintone service is offered only over SSL connections, and provides optional IP address connectivity restrictions and 2-Factor Authentication.
3. CSIRT
Cy-SIRT (Cybozu Computer Security Incident Response Team) is an in-house expert security group created to prepare for and handle any security incidents. Cy-SIRT helps create policies to protect against threats and responds rapidly and in real time to identify, contain, and eradicate threats as they arise.
4. Vulnerability & Penetration Testing
Kintone has third-party vulnerability testing auditors, such as Vulnerability Defense Laboratory, perform vulnerability/penetration audits on our platform semi-annually or as needed (when any major updates occur).
To see all the testing reports, click here.
A penetration test simulates the actions of an external and/or internal cyber attacker that aims to breach the information security of the organization.
Found a security problem? Report it here.
5. Product-Based Secure Access Features
Read the help documentation for details on each feature. https://get.kintone.help/
SAML
Security Assertion Markup Language (SAML) is an XML-based open standard data format that links authentication information across several security domains. If SAML Authentication is used, you can sign in to Kintone through single sign-on using the user account that is registered in your company’s Identity Provider (IdP). To use Kintone as the Service Provider (SP) with SAML Authentication, an IdP that supports SAML 2.0 is needed.
Two-factor authentication
Two-factor authentication is an added layer of security for your Kintone account. This makes it more difficult for someone else to log in to your account.
IP address restrictions
Restricts access from IP addresses that are not listed.
Login and Password Policies
Password settings
The following is a list of password settings that can be configured when setting up a Kintone account.
- Password character length
- Password character complexity
- Password reuse policy
- Password expiration policy
Logins
Account lockout policy
- Account lockout threshold – number of incorrect attempts
- Account lockout duration – length of time the lockout will occur
Automatic login policy
- Enable/disable auto login
- Enable auto login duration
Audit Log
You can browse and download the audit log of operations such as logins, modifications, file downloads, etc. Custom audit log settings can also be set to initiate notification emails.
6. Security Assessment
CyberGRX provides a third-party validated cyber risk assessment of Kintone’s security.
This assessment evaluates Kintone’s compliance with industry standards and the security protocols built into our infrastructure.
You can request access to Google Cloud’s CyberGRX third-party cyber risk assessment tier 2 report and self-attested responses here.
7. Compliance
Information Security Management System (FISC)
As mentioned above, the data centers from which the Kintone.com cloud currently operates comply with The Center for Financial Industry Information Systems (FISC) Facility Safety Standards, considered one of the strictest compliance agencies in Japan.
In fact, the data centers meet Tier 4 specifications, the highest level, for most of the categories in the Data Center Facility Standards as regulated by the Japan Data Center Association.