Kaseya Trust Center
In a world full of cyber threats, learn how Kaseya keeps IT safe, protected, and secure.
“The Kaseya Community is based on Trust. Our commitment to privacy and cybersecurity revolves around you and your data.”
When appropriate, Kaseya will provide communications on broader security related incidents that may not be linked to a specific Kaseya product or vulnerability, but are still of importance to our customer base and broader IT professionals.
April 07, 2022 4:02 PM ET: Security Update Regarding Spring4Shell Vulnerability
December 14, 2021 6:00PM ET: Security Update Regarding Log4j2 Vulnerability
Kaseya is aware of the Log4j2 vulnerability CVE – CVE-2021-44228 (mitre.org) and our product, operations and security teams are currently assessing all products.
Kaseya has been performing a review of our products, code and production environments. Currently, our analysis indicates that the products listed below are not affected by this vulnerability. As this is an evolving threat, we will update this site as new information becomes available.
As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises.
Up to date information regarding Log4j2 can be found at the below link.
Security Standards & Policies
Kaseya’s security framework is based on trust services criteria for security: integrity, availability, and confidentiality. Kaseya products are independently audited to SOC 2 Type 2 and the underlying data centers are certified to ISO 27001. Our security policies and standards are verified annually through external third-party audits.
Security Incident Response
Kaseya adheres to a strict playbook for rapid response as soon as suspicious activity is reported and validated. Kaseya’s policy is to isolate the incident and limit impact while establishing transparent communication channels as the source of truth. Kaseya partners with relevant authorities to identify bad actors and works with independent security researchers to mitigate any vulnerability and resolve the exploit. We’re appreciative of the research community and welcome productive cooperation in eliminating threats, vulnerabilities or exploits. If you have a vulnerability or incident to disclose, please provide details to [email protected].
Kaseya’s IT Complete solution consists of 27 unique solutions that are purposely compartmentalized from each other to ensure the highest level of security, reliability, and continuity for our customers.
Each IT Complete module is developed, monitored, and secured independently and audited for SOC 2 Type 2 compliance.
- Multi-factor Authentication (MFA)
Access to Kaseya products is controlled using MFA n to enhance security protection and prevent system usage via compromised credentials.
Kaseya products utilize industry standard strong encryption for all traffic in transit and encrypted customer data at rest.
- Role-Based Access Controls
Kaseya products provide customers with the ability to implement role-based access control on the principle of least privilege to manage and secure access.
Compliance starts with design. All Kaseya products and services adhere to strict governance, risk management, and compliance protocols and regulations. These include SOC 2 Type 2, ISO 27001 Certified Datacenters, HIPAA, GDPR, and CCPA. Attestation and other governance, compliance, and risk management inquiries can be sent to [email protected].
Kaseya’s legal policies and best practices are designed and enacted with our customers’ safety, protection, and well-being top of mind. We exercise complete transparency with our Legal Documents and Statements, including comprehensive terms and conditions and EULA. Legal inquiries can be sent to [email protected].
Privacy: Your Data Is Always in Your Control
All Kaseya products and services operate in accordance with major privacy acts and best practice procedures around the globe to ensure our customers’ data is safe, protected and in adherence with current law. These include, but are not limited to, CCPA and GDPR, CAN-SPAM, Privacy Shield, DRA, DPA, as well as our own Terms and Policy Statements. As new and revised privacy laws are being introduced all the time, Kaseya’s appointed Data Protection Officer operates on the front line to ensure our policies and procedures are always up to date and in line with active law around the globe. Privacy inquiries can be sent to [email protected].
For the latest security insights, please see below for links to trusted government and third-party resources:
- CISA Official Alerts and Statements: Stop Ransomware
- FBI Official Alerts and Statements: Stop Ransomware
- NIST: National Institute of Standards and Technology
- Bleeping Computer
- Dark Reading
- Krebs on Security
- The Hacker News
- CISCO Security Blogs
- CIS: Center for Internet Security
- DHS Cybersecurity News
- Trend Micro Security News
- Threat Post
Awards & Recognitions
Kaseya IT Complete suite of products has received hundreds of awards and accolades over the last few years
As the only purpose-built, comprehensive IT Solution for small-to-medium businesses, we are taking the IT industry by storm and are thrilled to be acknowledged for the smart, innovative tools and solutions our customers depend on every single day.
Here are few notable recent mentions across our primary product suites: