Information security is at the center of everything we do—from safeguarding customer data to maintaining critical system availability.
Cubist is SOC2 Type II-compliant
Our team is committed to regularly assessing and validating our information security practices, policies, procedures, and operations.
Learn more about our comprehensive security approach.
Personnel
All personnel undergo background checks and sign confidentiality agreements.
Only vetted personnel with a need to know are given access to customer resources.
We provide regular security education about emerging threats and attack vectors.
Testing
Our codebase regularly undergoes third-party audits and penetration testing.
We run automated tools for dependency management, code analysis, and vulnerability scanning.
Our CI/CD pipelines control deployments into all of our testing environments and our production environment.
Development
We follow modern best practices for secure software development and web application security.
New products, tools, and services—and major changes to existing ones—undergo rigorous security reviews.
All releases to production systems require approval from multiple qualified individuals.
Infrastructure
Our customer environments are isolated from one another, and we cryptographically isolate customer secrets.
We use tools to continuously monitor performance, health, and security characteristics of system resources.
We strictly enforce least-privilege access control and multi-factor authentication.
“Security isn’t just a checklist for us—it’s part of how we think, design, and operate as a team. We believe strong systems come from reducing assumptions—not just about users, but about ourselves. That means recognizing that many common failures aren’t technical—they’re human—and designing systems that can say “no” when people can’t. Our internal practices reflect what’s at stake for the teams who rely on us, and we take that responsibility seriously.”
Explore the security controls built directly into CubeSigner.