Security at Consensys
At Consensys, security, privacy and trust are our top priorities. We believe that strong security is fundamental to achieve and maintain trust with our community, government, customers, banks, and financial organizations, and what makes Consensys the world’s Ethereum blockchain leader.
Here’s how we protect and secure our products and services:
General Security
Consensys is ISO 27001:2022 certified, a security assurance covering the security of our people, technology and processes. Other security certifications granted to Consensys include:
- Consensys Staking SOC 2 type 2
- MetaMask Institutional SOC 2 type 1
- MetaMask SOC 2 type 1
Our people and community
- Consensys has a dedicated security team formed by experienced specialists skilled in multiple disciplines.
- Many of our employees embrace their role as cybersecurity champions to make sure our solutions are secure.
- All our employees and contractors receive mandatory security awareness training.
- Our dedicated community specialists actively engage with our community to keep everyone safe.
Privacy
Our privacy policy can be found here https://consensys.io/privacy-notice
Services
- Our services are built on secure cloud infrastructure, protected by web performance and security services against DDOS and network attacks, using data encryption in-transit and at-rest.
- Our technology and solutions are highly resilient based on blockchain distributed systems.
Infrastructure
- Consensys is a cloud native company, we utilize cloud industry leaders to build our services including Amazon Web Services, Google Cloud Platform and Azure infrastructure.
- Our services and solutions are designed focused on security, scalability and reliability, offering multiple service or exclusive availability zones configured to meet customer demands
- We use centralized identity management with enabled MFA to secure access to our core solutions.
- These cloud services are certified and compliant to multiple security standards including ISO27001, SOC 2, and GDPR. We are in the process of implementing SOC2 for some of our services.
Security monitoring
- Our dedicated Customer Success engineers, DevOps and Security teams monitor and respond to any unforeseen incidents.
- Our infrastructure is monitored by security cloud solutions, monitoring tools, incident management and native security controls configured to prevent, detect, respond and correct to security incidents, vulnerabilities and misconfigurations.
- Our security Incident management process aligned to ISO 27001:2013
Coding
- Our applications undergo a static code analysis, peer review, library dependency to prevent vulnerabilities from being embedded into our solutions.
- We prioritize our customers security needs, including security best practices and tooling enabling continuous security.
Audits and Assurance
Our core solutions are pen tested regularly by independent parties. Security researchers can submit bugs in our solutions through our bug-bounty program, and get rewarded for their efforts. Diligence, our offensive security team, provides internal and external services.