Virtana Geography and Data Residency

Virtana utilizes AWS across the globe. Clients choose the region they want to contain their data, and the data stays within that region.

We use the following regions:

  • Europe: United Kingdom
  • North America: United States Central

Virtana is SOC 2 Type II compliant. A copy of the report is available upon request.

Virtana also maintains a privacy compliance program, which includes GDPR and CCPA.

Our information security program is aligned with the CSA Cloud Controls Matrix, and we are listed on the STAR Registry.

Virtana Platform Architecture

The Virtana Platform is built on AWS.

Virtana’s Platform utilizes a stack that consists of a web frontend, multiple services and processing layers, and databases. API access is authenticated, and all services require encryption.

Virtana transmits this data securely to the Virtana Event Collector API, which then gets processed and analyzed internally via our cloud services.

Single Sign-On (SSO)

The Virtana Platform provides LDAP, SAML, and OIDC support for single sign-on for mobile and web as another option for centralized management of passwords across multiple systems. Virtana Platform supports external SSO providers for customers who prefer to perform authentication on their intranet and then be redirected to Virtana Platform. The Virtana Platform SSO solution integrates with any external Identity Management Services.

Cloud Security

Virtana maintains a comprehensive Information Security Program that follows the latest Cloud Security best practices. Virtana uses industry-standard encryption algorithms, and data is encrypted in transit and at rest.

All data in Virtana’s Development, Test, and QA environments is anonymized and sanitized to support secure development, patching, fixes, and penetration testing.

Data Capture

Only IT elements managed by Virtana have data collected within a customer’s environment. The type of data collected include:

  • Device and Conversation Metadata
  • Performance data
  • Event data
  • Log data
Data Access and Data Flow

Data at Virtana is restricted from access by non-authorized personnel.

Virtana uses multi-factor authentication on all systems, for all access points, at all times. All data access is logged and monitored.

As mentioned, Virtana has multiple global geographic regions that serve customers. The data flow inside each region is the same. This is a high-level view of the Data Flow in any region.

Data Retention

Virtana maintains an active data retention policy and retains or deletes all data in accordance with applicable laws and compliance requirements.

If a Virtana customer stops using Virtana solutions, they can access their data for up to 90 days, unless otherwise requested. After 90 days, Virtana will permanently delete customer data.