We know your monitoring data is extremely important to you and your business, and we’re very protective of it. After all, we use Librato for our own monitoring too!
Need to report a security vulnerability?
Please follow our steps for Responsible Disclosure.
All private data exchanged with Librato is always transmitted over SSL (which is why your instruments and dashboards are served over HTTPS, for instance). All pushing and pulling of private data is done over SSH authenticated with keys, or over HTTPS using your Librato username and password.
The SSH login credentials used to push and pull cannot be used to access a shell or filesystem. All users are virtual (meaning they have no user account on our server instances).
File System & Backups
Every data point is saved on a minimum of three different servers in different AWS (Amazon Web Services) Availability Zones and -in addition- backed up to AWS S3 storage.
We do not encrypt repositories because it would slow down response times, and any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our infrastructure as secure as possible.
No Librato employees ever access private customer data unless required to for support reasons and with permission from the customer. Support staff may log into your account to access settings related to your support issue. In rare cases staff may need to access your data, this will only be done with your consent. When working a support issue we do our best to respect your privacy as much as possible, we only access the data and settings needed to resolve your issue.
Credit Card Safety
When you sign up for a paid account on Librato, we do not store any of your card information on our servers. It’s handed off to Chargify, Inc., a company dedicated to storing your sensitive data on PCI-Compliant servers.
Have a question, concern, or comment about Librato security? Please email security@Librato.com.
Last Updated: Jan 23, 2014