Solace PubSub+ Cloud protects your message data against eavesdropping by unauthorized users.
For highly sensitive data, Solace also recommends customers encrypt the message payload.
Solace PubSub+ Cloud ensures any messaging data stored within the service is protected by encryption at rest.
Your user account details are secured using the most advanced processes, including:
Solace PubSub+ Cloud stores customer data in AWS in the US East North Virginia region (us-east-1).
The ability to create virtual private clouds (VPCs) with separate security, subnets, and isolated network groups for staging, production and development is an application security best practice and is supported by Solace PubSub+ Cloud.
Solace PubSub+ Cloud is delivered using multiple software components and physical locations. Ensuring the security of this entire system includes:
It’s critical that all upgrades, service packs, hot fixes and security patches are updated on all Solace PubSub+ Cloud components to ensure they have the latest and most-secure code base. To that end:
Solace has implemented robust and comprehensive operational security procedures to ensure access to Solace PubSub+ Cloud environments is restricted to authorized users, including:
Solace values the privacy and security of all of our customers’ data. Specifically for EU-based customers, Solace PubSub+ Cloud complies with the General Data Protection Regulation (GDPR), which mandates that Solace protects the personal data and privacy of EU subjects. This means personal data will not be used for purposes other than what it was collected for, without explicit customer approval. While Solace Cloud is not yet PCI, SOC2, or HIPAA compliant, we are always working to meet and exceed the requirements for compliance and plan to become compliant in the near future.