Grove leverages multiple layers of defense to protect key information and handle all critical facets of network and application security, including authentication, authorization and assurance.
Grove’s security architecture is designed to protect the confidentiality, integrity and availability of all customer information that we host. To that end, we apply stringent, risk-adjusted security controls in layers ranging from facilities (best in class cloud hosting) to network infrastructure (network security), IT systems (system/host security) and information and applications (application security).
Grove maintains the following security controls:
Secure data centers - Grove maintains top-tier data centers with strong security controls.
Logical isolation – Grove completely isolates its customer systems using VMs and VLANs. This allows data separation from OSI layer 2 (Data Link Layer). Customer traffic is routed directly to their instances to prevent any shared traffic.
Security monitoring - All of our networks and systems are constantly being monitored by leading security tools.
Strict access controls (both system and network) - Grove enforces strict access control on all its systems. We perform regular internal audits and use automated tools to verify desired configurations.
Strict ingress and egress points - Access to the application is restricted. Grove administration is limited to a small group of Grove workers using a secure 2-factor VPN to access customer environments. All activity is logged.
Separated services (web, database and storage) - All services are isolated and not shared, minimizing the risk of unintended data disclosure.
All of our security controls and risk analysis are based on the protection of customer data. Grove hosting supports various encryption methods to protect data transiting over untrusted networks. Encryption has also been implemented for both transit and storage of offsite backups in the remote data center facilities.