Skip to content
Cased Documentation

Security Overview

Learn about Cased’s security practices, compliance certifications, and deployment protection measures

Compliance Certifications

SOC 2 Compliance

Cased is committed to maintaining the highest security standards:

  • SOC 2 Type I: Completed
  • SOC 2 Type II: In progress

Our SOC 2 compliance demonstrates our commitment to:

  • Security
  • Availability
  • Process Integrity
  • Confidentiality
  • Privacy

SOC 2 reports are available to customers under NDA.

Security Features

Authentication & Access Control

  • Google Workspace SSO integration
  • Fine-grained access controls
  • API token management
  • Session security

Deployment Security

  • Required approvals for sensitive environments
  • Branch protection rules
  • Deployment queues
  • Automated rollbacks
  • Health monitoring

Infrastructure Security

  • All data encrypted at rest and in transit
  • Regular security updates
  • Infrastructure as code
  • Automated security scanning

Monitoring & Auditing

  • Comprehensive audit logs
  • Deployment tracking
  • Access monitoring
  • Real-time alerts

Security Best Practices

Access Management

  1. Principle of Least Privilege

    • Grant minimal required permissions
    • Regular access reviews
    • Automated access revocation

  2. Authentication

    • Use Google Workspace SSO
    • Rotate API tokens regularly
    • Monitor authentication attempts

  3. Deployment Safety

    • Configure approval requirements
    • Set up branch protection
    • Enable automated rollbacks
    • Monitor deployment health

Audit & Compliance

  1. Audit Logs

    • All actions are logged
    • Immutable audit trail
    • Searchable history
    • Export capabilities

  2. Compliance Controls

    • Access reviews
    • Change management
    • Incident response
    • Risk assessments

Data Protection

Data Security

  • All data encrypted at rest using AES-256
  • TLS 1.2+ required for all connections
  • Regular security assessments
  • Automated vulnerability scanning

Data Privacy

  • Data minimization practices
  • Privacy by design
  • GDPR compliance
  • Data retention policies

Security Reporting

Vulnerability Reporting

If you discover a security vulnerability, please report it to:

  • Email: security@cased.com
  • Response time: Within 24 hours
  • Bounty program available for qualifying reports

Incident Response

  1. 24/7 Monitoring

    • Real-time threat detection
    • Automated alerts
    • Incident tracking

  2. Response Process

    • Immediate triage
    • Customer notification
    • Root cause analysis
    • Remediation tracking

Enterprise Security Features

Single Sign-On (SSO)

  • Google Workspace integration
  • SAML 2.0 support
  • Just-in-time provisioning
  • Group sync

Audit & Compliance

  • Detailed audit logs
  • Compliance reporting
  • Custom retention policies
  • Export capabilities

Advanced Security Controls

  • IP allowlisting
  • Session management
  • API access controls
  • Custom security policies