Cleartrace Security

Your energy data is safe with us.

At Cleartrace, security is essential to everything we do. Our program takes a holistic approach to security based on industry standards, covering:

  • Protection of data-at-rest, data-in-transit, and data-in-use
  • Secure product development
  • Continuous monitoring and auditing
  • Business continuity, disaster recovery, and emergency response procedures
  • End-user device protection and security awareness training

Infrastructure

Cleartrace is a cloud-based company. We do not operate on-premise servers, networking devices, or storage systems. All of our systems and networks are hosted by SOC 2 and ISO 27001 compliant vendors.
We take a minimal infrastructure approach by using software-as-a-service and managed platforms from trusted providers when it makes sense to do so, allowing us to:

  • Benefit from security testing by other users of the service
  • Leverage battle-hardened auditing, inventory, and other security tooling
  • Delegate patching and management tasks
  • Quickly de-provision services, reducing potential attack surfaces

Data Protection

Encryption

Customer data is encrypted, always. All databases, data stores, and file systems are encrypted with AES-256 or stronger. End-user workstations are protected with full-disk encryption.

Storage

All data resides in data centers operated by leading cloud providers, who provide strict physical security controls and maintain the underlying hardware.

Access

Access to Cleartrace applications and data is strictly limited and audited. When required, this access is subject to both application-level and network-level controls, as well as multi-factor authentication.

Application Security

Security is an integrated part of our software lifecycle. We maintain policies and procedures which apply DevSecOps concepts to design and develop secure software.

  • Our applications require strong authentication and strict, granular authorization
  • Passwords are stored securely, following OWASP guidelines
  • We use Web Application Firewalls and Intrusion Detection Systems to discover unexpected traffic
  • Cleartrace applications only communicate over encrypted network protocols


Third-Party Validation

Our source code, applications, and infrastructure are continuously scanned for vulnerabilities by automated tooling, and we conduct third-party penetration tests on a regular basis. Findings are quickly addressed.