Trust is the basis of everything we do.
Companies rely on Riverbed to:
- Transform IT data into actionable insights so they can deliver seamless, secure digital experiences; and
- Provide fast, agile, secure acceleration of any app, over any network, to users wherever they are.
How We Protect Your Business
Four Pillars of Trust
Riverbed leverages a “Four Pillars” approach to deliver secure and dependable products and services.
Riverbed is continually refining its security strategy and framework to reflect our organization’s specific security risks. Maintaining a robust security-first culture is key to protecting the integrity of our products and services, inspiring customer confidence, and furthering our business relationships.
Riverbed knows that customers care about how personal data is used and shared, and Riverbed takes privacy and very seriously. Riverbed’s privacy and risk management framework is designed to meet Riverbed’s obligations under applicable global privacy laws , including the General Data Protection Regulation (GDPR).
Riverbed undergoes third-party audits and obtains product certifications to provide our customers with independent, third-party assurances.
Riverbed designs our Cloud Service offerings to deliver secure, highly available solutions, 24x7, around the world. Riverbed Support offers 24x7x365 issue resolution, a global logistics network, and robust online resources for all products.
Riverbed’s security strategy and framework leverages industry standard best practices and standards. Our security program is led by Riverbed’s Chief Information Officer (“CISO”) with the involvement of key cross-functional stakeholders to enable a holistic approach to security management. Key features of Riverbed’s security program include:
Riverbed maintains a comprehensive set of security policies. More information regarding the security requirements and measures used to establish and enforce Riverbed’s corporate security program can be found here.
Security Training & Awareness
All Riverbed personnel are required to undergo annual security training and participate in ongoing security awareness initiatives.
Data Center Security
Riverbed does not operate any of its own data centers. We leverage industry-leading third- party cloud infrastructure providers and requires all such providers to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
Testing & Verification
Engineering teams regularly review our code, infrastructure, and supporting systems to ensure we have the correct people, processes, and controls to protect product development and customer data.
Security Incident Response
Our security incident response team acts promptly to respond, investigate, and remediate security issues when they are detected..
Riverbed knows that customers care about how your personal data is used and shared, and Riverbed takes privacy very seriously. The Privacy page of Riverbed’s Trust Center provides a centralized source of information about Riverbed’s privacy practices.
When Riverbed Acts as a Controller
- The California Applicant Policy applies to Riverbed job applicants and candidates who are residents of California.
When Riverbed Acts as a Processor
- Riverbed offers a Data Processing Addendum (“DPA”) that sets out the legal framework under which Riverbed processes personal data. Riverbed’s DPA includes key GDPR-related assurances and incorporates the Standard Contractual Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.
- Riverbed’s Data Transfer Impact Assessment Guide assists customers in conducting data transfer impact assessments.
- Riverbed performs due diligence reviews to assess the privacy and security practices of our subprocessors, who are required to enter into appropriate security, confidentiality and privacy contract terms based on the risks presented by the assessment, including data processing terms as required by applicable law. A list of Riverbed’s current subprocessors can be found here.
- Additional documentation consisting of “Privacy Data Sheets” and “Processing Details” describing Riverbed’s processing of personal data for specific products and services can be found here.
Riverbed undergoes multiple audits. Please contact firstname.lastname@example.org for a copy of the applicable certifications outlined below.
Aternity Cloud Service
- SSAE-16 Type II SOC 2
- ISO 27001
- Penetration test (summary)
- Cloud Security Alliance (CSA) Consensus Initiative Assessment Questionnaire (CAIQ)
Additional products are slated to undergo audits in the near term. Please check back regularly for updates.