Why We’re Different

Built on a foundation of trust.

What’s next for many of us is changing. Your company’s ability
to hire great talent is as important as ever

Security

With one source for financial, people, and operational data, everyone can access real-time insights to make sound decisions.

Organizational Security

Security begins on day one here, and we view it as everyone’s responsibility. All employees receive security, privacy, and compliance training the moment they start to keep both Canopy and customer data safe and secure. Our Information Security team provides the knowledge and skills needed to avoid or minimize security risks on an ongoing basis via our security training and awareness program.

This commitment to security extends to our executives. The Executive Leadership Team, a cross-functional group of executives spanning the enterprise, drives executive alignment across the organization and ensures that security awareness and initiatives permeate throughout the organization.

Architectural Security

Processing Relationship

Our customers serve as the data controller while Canopy is the data processor. This means that you have full control of the data entered into services, as well as all setup and configurations. Because you control your data—and we only process it—you won’t have to rely on us to perform day-to-day tasks such as:

  • Assigning security authorization and manipulating roles
  • Creating new reports and worklets
  • Configuring business process flows, alerts, rules, and more
  • Creating new integrations with Canopy utilities or incumbent tooling
  • Changing or creating new organizational structures
  • Monitoring all business transactions
  • Looking at all historical data and configuration changes

Data Encryption

Canopy encrypts every attribute of customer data before it’s persisted in the customer’s tenant. This is a fundamental design characteristic of the Canopy technology. Because Canopy is an in-memory, object-oriented application instead of a disk-based RDBMS, we can achieve the highest level of encryption. We use the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits and a unique encryption key for each customer.

Transport Layer Security (TLS) protects user access via the internet, helping to secure network traffic from passive eavesdropping, active tampering, or message forgery. File-based integrations can be encrypted via PGP or a public/private key pair generated by Canopy, using a customer-generated certificate. WS-Security is also supported for web services integrations to the Canopy API.

Logical Security

Canopy security access is role-based, supporting LDAP Delegated Authentication, SAML for single sign-on, and x509 certificate authentication for both user and web services integrations.

Operational Security

Physical Security

Canopy applications are hosted in state-of-the-art data centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones. Our data centers adhere to the strictest physical security measures including, but not limited to, the following:

  • Multiple layers of authentication for server area access
  • Two-factor biometric authentication for critical areas
  • Camera surveillance systems at key internal and external entry points
  • 24/7 monitoring by security personnel

All physical access to the data centers is highly restricted and stringently regulated.

Network Security

Canopy has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the Canopy environment. We’ve also implemented proactive security procedures, such as perimeter defense and network intrusion prevention systems (IPSs).

Network IPSs monitor critical network segments for atypical network patterns in the customer environment as well as traffic between tiers and service. We also maintain a global Security Operations Center 24/7/365.

Application Security

Canopy has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of Canopy applications.

This program includes an in-depth security risk assessment and review of Canopy features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.

Vulnerability Assessments

Canopy contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments. 

Privacy

With one source for financial, people, and operational data, everyone can access real-time insights to make sound decisions.

Privacy Principles

As data protection issues and global laws continue to evolve and become increasingly complex, Canopy understands the importance of maintaining a comprehensive privacy program that is embedded into our company’s culture and services.

We’re committed to following three principles that reflect our core values:

  • We put privacy first.
  • We innovate responsibly.
  • We safeguard fairness and trust.

Our philosophy of “privacy by design” is a testament to this and provides our customers with the assurance they need for the privacy and protection of their data.These privacy principles drive how we train our employees, how we design and build products, and ultimately, how we process personal data.

Privacy and data protection require year-round vigilance, and we’re strongly committed to protecting the personal data of our customers and employees. Read more about how we embrace the key principles of privacy.

Review our privacy policy to learn more about how we manage and protect our customers’ information.

Global Privacy

As data protection issues and global laws continue to evolve and become increasingly complex, Canopy understands the importance of maintaining a comprehensive privacy program that is embedded into our company’s culture and services.

We’re committed to following three principles that reflect our core values:

  • We put privacy first.
  • We innovate responsibly.
  • We safeguard fairness and trust.

Our philosophy of “privacy by design” is a testament to this and provides our customers with the assurance they need for the privacy and protection of their data.These privacy principles drive how we train our employees, how we design and build products, and ultimately, how we process personal data.

Privacy and data protection require year-round vigilance, and we’re strongly committed to protecting the personal data of our customers and employees. Read more about how we embrace the key principles of privacy.

Review our privacy policy to learn more about how we manage and protect our customers’ information.

Compliance

With one source for financial, people, and operational data, everyone can access real-time insights to make sound decisions.

Third-Party Audits and Certifications

As data protection issues and global laws continue to evolve and become increasingly complex, Canopy understands the importance of maintaining a comprehensive privacy program that is embedded into our company’s culture and services.

We’re committed to following three principles that reflect our core values:

  • We put privacy first.
  • We innovate responsibly.
  • We safeguard fairness and trust.

Our philosophy of “privacy by design” is a testament to this and provides our customers with the assurance they need for the privacy and protection of their data.These privacy principles drive how we train our employees, how we design and build products, and ultimately, how we process personal data.

Privacy and data protection require year-round vigilance, and we’re strongly committed to protecting the personal data of our customers and employees. Read more about how we embrace the key principles of privacy.

Review our privacy policy to learn more about how we manage and protect our customers’ information.