Kaseya Trust Center
In a world full of cyber threats, learn how Kaseya keeps IT safe, protected, and secure.

“The Kaseya Community is based on Trust. Our commitment to privacy and cybersecurity revolves around you and your data.”
Security Advisories
When appropriate, Kaseya will provide communications on broader security related incidents that may not be linked to a specific Kaseya product or vulnerability, but are still of importance to our customer base and broader IT professionals.
April 07, 2022 4:02 PM ET: Security Update Regarding Spring4Shell Vulnerability
Kaseya Guidance: Upon investigation, customers are not required to complete any remediation steps for any of Kaseya’s product lines.
Software Affected/Affected Products and Versions: None
Overview: Kaseya has vetted its product line to determine which products may be affected by the Spring4Shell vulnerability. Upon verification, no Kaseya products have been found to be vulnerable to the Spring4Shell vulnerability.
Description: As stated in NIST, A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Resources:
December 14, 2021 6:00PM ET: Security Update Regarding Log4j2 Vulnerability
Kaseya is aware of the Log4j2 vulnerability CVE – CVE-2021-44228 (mitre.org) and our product, operations and security teams are currently assessing all products.
Kaseya has been performing a review of our products, code and production environments. Currently, our analysis indicates that the products listed below are not affected by this vulnerability. As this is an evolving threat, we will update this site as new information becomes available.
As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises.
Up to date information regarding Log4j2 can be found at the below link.
Security Standards & Policies
Kaseya’s security framework is based on trust services criteria for security: integrity, availability, and confidentiality. Kaseya products are independently audited to SOC 2 Type 2 and the underlying data centers are certified to ISO 27001. Our security policies and standards are verified annually through external third-party audits.
Security Incident Response
Kaseya adheres to a strict playbook for rapid response as soon as suspicious activity is reported and validated. Kaseya’s policy is to isolate the incident and limit impact while establishing transparent communication channels as the source of truth. Kaseya partners with relevant authorities to identify bad actors and works with independent security researchers to mitigate any vulnerability and resolve the exploit. We’re appreciative of the research community and welcome productive cooperation in eliminating threats, vulnerabilities or exploits. If you have a vulnerability or incident to disclose, please provide details to [email protected].
Product Security
Kaseya’s IT Complete solution consists of 27 unique solutions that are purposely compartmentalized from each other to ensure the highest level of security, reliability, and continuity for our customers.
Each IT Complete module is developed, monitored, and secured independently and audited for SOC 2 Type 2 compliance.
- Multi-factor Authentication (MFA)
Access to Kaseya products is controlled using MFA n to enhance security protection and prevent system usage via compromised credentials. - Encryption
Kaseya products utilize industry standard strong encryption for all traffic in transit and encrypted customer data at rest. - Role-Based Access Controls
Kaseya products provide customers with the ability to implement role-based access control on the principle of least privilege to manage and secure access.
Compliance Qualified
Compliance starts with design. All Kaseya products and services adhere to strict governance, risk management, and compliance protocols and regulations. These include SOC 2 Type 2, ISO 27001 Certified Datacenters, HIPAA, GDPR, and CCPA. Attestation and other governance, compliance, and risk management inquiries can be sent to [email protected].
Legal Assurance
Kaseya’s legal policies and best practices are designed and enacted with our customers’ safety, protection, and well-being top of mind. We exercise complete transparency with our Legal Documents and Statements, including comprehensive terms and conditions and EULA. Legal inquiries can be sent to [email protected].
Privacy: Your Data Is Always in Your Control
All Kaseya products and services operate in accordance with major privacy acts and best practice procedures around the globe to ensure our customers’ data is safe, protected and in adherence with current law. These include, but are not limited to, CCPA and GDPR, CAN-SPAM, Privacy Shield, DRA, DPA, as well as our own Terms and Policy Statements. As new and revised privacy laws are being introduced all the time, Kaseya’s appointed Data Protection Officer operates on the front line to ensure our policies and procedures are always up to date and in line with active law around the globe. Privacy inquiries can be sent to [email protected].
Report a Whistleblower Complaint
Call our Whistleblower Hotline 1-877-519-2413 and/or Email our Governance, Risk and Compliance team to report the complaint
Contact UsHelp Your Customers
Kaseya empowers customers to securely move forward working with their customers
Powered ServicesSecurity Resources
For the latest security insights, please see below for links to trusted government and third-party resources:
- CISA Official Alerts and Statements: Stop Ransomware
- FBI Official Alerts and Statements: Stop Ransomware
- NIST: National Institute of Standards and Technology
- Bleeping Computer
- Dark Reading
- Krebs on Security
- The Hacker News
- CISCO Security Blogs
- CIS: Center for Internet Security
- DHS Cybersecurity News
- Trend Micro Security News
- Threat Post
Awards & Recognitions
Kaseya IT Complete suite of products has received hundreds of awards and accolades over the last few years
As the only purpose-built, comprehensive IT Solution for small-to-medium businesses, we are taking the IT industry by storm and are thrilled to be acknowledged for the smart, innovative tools and solutions our customers depend on every single day.
Here are few notable recent mentions across our primary product suites: