Loom Systems is committed to the security of your data. We use a variety of industry-standard security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. You also have several security controls available within Loom Systems.

 

Your data security is of paramount importance to us at Loom Systems. Our focus on security cuts across every layer of the Loom Systems platform, and the service was designed from the ground up as a secure, highly available, and massively scalable multi-tenant log management and IT Operations Analytics platform.

 

At Loom Systems we follow best practices in securely gathering and storing your data. Our founders and employees come from renowned army intelligence units.


Overview

To protect your information, data is:

  • Transmitted via HTTPS.

  • Accessed through the password-protected Loom Systems website.

  • Stored in an ISO 27001 and FISMA certified data center.

 

Cloud Data Protection & Security Assurance

The Loom Systems Cloud Infrastructure is powered by Amazon Web Services (AWS). The service has been designed and managed in alignment with leading industry regulations, operating standards, and recognized best practices including SOC 1 (formerly SAS70), SOC 2, SOC 3, ISO 27001, PCI DSS Level 1, and other industry certifications and attestations. Because the Loom Systems Log Management and Analytics Application runs within and depends on our Cloud Infrastructure, data protection and security assurances are essential and provide the foundational elements for supporting industry compliance and robust policy controls. By having our application workloads in a secure, industry-certified environment, our infrastructure provides a higher level of security at scale, while providing worldwide service delivery and industry-leading reliability.

 

The IT infrastructure that AWS provides is designed and managed in alignment with security best practices, including the following IT security standards:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)

  • SOC 2

  • SOC 3

  • FISMA, DIACAP, and FedRAMP

  • DOD CSM Levels 1-5

  • PCI DSS Level 1

  • ISO 9001 / ISO 27001

  • ITAR

  • FIPS 140-2

  • MTCS Level 3

 

Physical access to the data center is strictly controlled both at the perimeter and at building ingress points by professional security staff, using video surveillance, state-of-the-art intrusion detection systems, biometric locks, and other electronic means.

 

Data Transmission

Incoming

Standard data is collected securely from remote systems and sent to the Loom Systems service by using one of the following methods:

  • Webhook—if the monitoring system supports sending data via webhook, it can be configured to send data directly to the Loom Systems service via a secure API endpoint.

  • Agent—if the monitoring system does not support sending data via webhook, the Loom Systems agent can be configured to collect data locally and send it to the Loom Systems service via a secure API endpoint. The agent pulls data from a machine on the local network or cloud infrastructure by using a vendor-supplied API, parsing log files, or using other techniques, depending on the monitoring system’s capabilities.

 

Outgoing

All your data is encrypted when sent to Loom Systems over secure TCP connections using Secure Sockets Layer (SSL). For secure communication, users download a unique key to authenticate with the cloud service so that data will only be accepted from trusted sources.

The Loom Systems service sends data to integrated messaging or ticketing systems, such as email, SMS, JIRA, or Slack. Loom Systems sends all data to these providers or services via HTTPS and uses industry-standard email and SMS providers.

 

Access Control

Users can access the Loom Systems application by visiting http://yourdomain.loomsystems.com via a web browser. All data is sent via HTTPS. Website access requires username and password authentication.

 

Customer Access

Users can authenticate on the Loom Systems website by entering their username and password. Customers can access only the data for their own organization. Organizations can grant access to users by inviting them into Loom Systems.

 

Loom Systems Employee Access

Loom Systems personnel access customer data only on a need-to-know basis for support purposes. All support personnel have signed Non-Disclosure Agreements, and no changes are ever made to an account without prior approval from the customer.

 

Responsible Disclosure

At Loom Systems we follow industry best practices and work to maintain a responsible disclosure policy. We appreciate community help in disclosing any issues to us in a responsible and ethical manner. We will work with individuals or organizations to resolve any concerns or issues they identify. Note that publicly disclosing a vulnerability without our cooperation can put the service at risk and may affect all users, not just a single user or organization. We ask anyone who discloses an issue to act in good faith towards our users’ privacy and data during the disclosure. We do not take legal action against those who disclose security concerns and act accordingly; white hat researchers are always appreciated. Certain attack patterns, such as (D)DoS, are not considered white hat techniques.

 

Incident Response

Loom Systems takes security vulnerabilities very seriously. If you have a security question, would like to discuss our data protection policies, or have identified a potential vulnerability, please contact us immediately via email at security@loomsystems.com. For general questions, please email info@loomsystems.com.

 

More Information

If you have additional questions or need further clarification, please contact us by phone at +1(646)6933386 or by emailing us at info@loomsystems.com.