Security Best Practices at MetricFire

Introduction

At MetricFire, we treat your data as our data, and we secure our data. Security is prioritized at every level of our infrastructure so you can have peace of mind that your data is sent and stored safely. Keeping MetricFire secure is fundamental to the nature of our business. One of our key priorities is to secure our customers’ metrics and trust. We diligently ensure that we comply with industry security standards so that our customers can trust that their metrics are safeguarded. There are several ways that MetricFire keeps your data secure.

Industry Standard Practices

Our team is big on the cyber security aspect with CISSP and Cybersecurity-certified team members. MetricFire diligently ensures that we comply with industry security standards so that our customers can trust that their metrics are in good hands. 

Some of the key standards we adhere to include: 

• Annual security awareness, GDPR requirements, Phishing training
• RBAC and the principle of least privilege enforced across teams
• Minimum data collection is limited to a lawful basis required to provide services
• Customer data encrypted at rest and transit
• Regular data backups; ability to preserve for forensic purposes if required
• Annual penetration tests and business risk reviews

Thorough Data Encryption

Compared to standard open-source Graphite, Hosted Graphite ensures that data can be safely sent to our hosted solution through secure TCP (TLS and HTTPS) or UDP carbon-format interfaces.

We use SSL/TLS encryption on all our websites and microservices to maintain the highest security and data protection standards. Sensitive Data such as connection credentials is encrypted anytime it is “at rest” in the MetricFire platform using industry-standard encryption. In addition, we regularly verify our security certificates and encryption algorithms by S3 server-side encryption AES256 using S3-managed keys to keep your data safe.

Enterprise Tailored Infrastructure

MetricFire uses cloud hosting providers and inherits their physical security, business continuity, disaster recovery, and network intrusion protection for ISO:27001 and SOC2 Certified Data centers. This means that business continuity and operational resilience risk can be transferred to a robust provider with a shared responsibility model.

In addition to this MetricFire customers need not worry about database failures as we operate a distributed eventually consistent database built upon the open-source Gorgon. In case of failure, the workload is distributed and we store three redundant copies of everything. Queries will get back to the user with answers only when two different systems agree - this is also useful for fault tolerance. 

Information Security Approach

Security of customer data is a priority and by default, MetricFire does not collect or require sensitive information. We understand the sensitivity of that information and we take all steps necessary to safeguard it. Our internal policies are built on Cloud Security Alliance’s Consensus Assessments Initiative Questionnaire (CAIQ) and keeping MetricFire secure is fundamental to the nature of our business.

Additionally, data sent to us will never be misused. MetricFire will never sell data sent to us to third parties. We have always been supportive of the open-source principle of data portability and always will be. We built our product and company upon open-source software, so we are opposed to any practices of ‘vendor lock-in’. The data sent to us will always be yours, and you get to decide how your information is used. 

Conclusion

Ensuring the security of our service is consistent and reliable for our customers counts toward everything we do. MetricFire strives to maintain the highest level of security and best practices to earn our customers’ business and trust.

If you have any questions about security at MetricFire or would like to discuss how we can meet the security requirements of your organization to become your trusted monitoring partner please contact us at sales@metricfire.com or book a time to speak with us.