Security - FAQs - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR 8 - FAQs

Product: Cortex XSOAR
Version: 8
Creation date: 2023-11-02
Last date published: 2024-04-24
Category: FAQs
Solution: Cloud

Is TLS encryption only used externally? Is communication encrypted internally as well (inside the SaaS service)?

All communications are TLS encrypted between Cortex XSOAR components and between Cortex XSOAR and third-party tools.

Is data encrypted at rest?

By default, data in GCP is encrypted at rest:

  • Passwords and API keys are encrypted when stored at rest.

  • Data in Cortex XSOAR is encrypted at rest through volume encryption.

For more information about security protection in the data centers where Cortex XSOAR data resides, see Google Compliance Center and Default encryption at rest.

Which algorithm are you using for deletion?

Based on Google's data deletion process, as described in https://cloud.google.com/docs/security/deletion, Google adheres to a strict disposal policy to achieve compliance with NIST SP 800-88 Revision 1 "Guidelines for Media Sanitization" and DoD 5220.22-M "National Industrial Security Program Operating Manual".

Could you describe the process of how DevOps get access to our data? How do I give access to the data and how do I revoke it?

DevOps may access data when needed for business purposes. This access is restricted to certain personnel only and on a business need-to-know basis. Additional access to the data can be granted or denied by the customer through a portal.

Are penetration tests done regularly?

Penetration testing is performed annually, while additional ongoing tests are done as part of the Cortex XSOAR development process.

Will Cortex XSOAR 8 support storage encryption and bring your own keys?

Cortex XSOAR 8 provides a secure environment by encrypting data at rest. Each tenant has its own keys, which are created as part of tenant creation. In the near future, we are planning to fully support BYOK. For more information, contact your CS/SA to discuss this option.

Do you have logical security practices in place to prevent inappropriate access to the internal network hosting this application? If so, please provide details.

Each tenant has its own separate virtual network that is not accessible directly by anyone. Accessing a customer's environment requires an approval process. Access is granted using GCP IAM permissions.