UME Security Overview

Updated November 1, 2022

UME is now officially SOC 2 Type II compliant. If your security and risk assessment require documentation of our practices for audit purposes, please use the request information at the bottom of this page.

Data Security

UME encrypts data at rest and in transit for all of our customers. Data is stored in unique a bucket for each customer with access for each transaction logged. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.

Application Security

UME works with the AWS SaaS Factory team and Partner network to ensure that our infrastructure is designed to protect all endpoints from malicious actors and intent. The application is hosted with AWS Cloudfront, providing DDoS mitigation while ensuring availability from anywhere in the world.

Communications

UME utilizes Twilio's communication services to provide audio, video and local device screen sharing. Data is routed from each participants browser to Twilio's servers where they are then routed to other participants. Twilio uses the highest standards for data encryption and transmission.

Virtual Workstations

When you utilize UME's virtual workstations, the machines are turned on in the AWS region closest to you, ensuring that your traffic is routed through servers in your geographic domain and compliant with any privacy and security standards in that region. We utilize application load balancing, firewalls, restrictive security groups, virtual private clouds and JSON web tokens to limit access to your virtual workstation.

Infrastructure Security

UME uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Cloudwatch. In addition, our business logic is run on serverless functions meaning we manage EC2 instances  in production.

Security Reports Available

Detailed security reports are available by request.