Kolide is a SaaS application that helps teams communicate and resolve security and compliance issues on Mac, Linux, and Windows devices.Kolide instantly associates your organization's devices with the people in your Slack team. Once installed, your users will be able to interact with the app to get the latest security state of their devices.Kolide also proactively messages your end-users on Slack when they do not meet your organization's security policy, or if there is a problem with their device. The message includes clear instructions about what is wrong, with step-by-step instructions on how to resolve the issue. We even give your users a way to verify, in real-time, that they fixed the problem.Kolide practices User Focused Security which involves treating users with respect and being transparent about what data is collected from their device. Kolide has fully open-sourced its endpoint agent (Kolide Launcher) for the benefit of the entire security community.Note: Installing the Slack App requires a paid Kolide account. You can try our service for free for 14 days with all of your devices. For more information about our pricing please visit https://kolide.com/pricing
Kolide will be able to view:
Kolide will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
Kolide uses high availability and durable data storage services to ensure the Kolide application remains available and the integrity of the data is maintained.
For HA, Kolide maintains an identical follower database in a separate availability zone (AZ) that can be instantly promoted to the leader if any failover conditions are met. In practice, even catastrophic issues with the DB will not impact application availability.
Kolide leverages Heroku’s managed backups which retains at-most 50 backups roughly logarithmically spaced out over a 30 day period.
During high risk deployments, Kolide staff are expected to manually backup the database so that any malfunctioning deployments can be easily backed out with minimal disruption to our customers.
Data archiving and removal policy
Formal requests to delete data can be submitted by any Full access user or official Point of Contact via email (email@example.com) or via our Intercom chat service.
Upon request, a Kolide member will acknowledge receipt and file a ticket so that a qualified Kolide Site Reliability Engineer (SRE) can perform the request within 2 business days of receipt.
Once the data has been deleted, a Kolide employee will follow-up with the Customer contact and let them know that the requested data was deleted or set any expectations about when that data will be fully-deleted (for example when it will be purged from backups, etc.).
Data storage policy
Kolide stores essential information in Heroku’s PostgreSQL DB service. This service is encrypted at-rest using AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume.
In addition, all backups of the database are stored in an encrypted S3 bucket in the US region. These backups are only accessible to a select set of Kolide SREs and executive staff.
When someone requests Kolide delete personal or other sensitive data through firstname.lastname@example.org Kolide disposes of in-scope data obtained through our services by performing the following high-level procedure:
1. Kolide notifies all staff of the customer’s termination or for ad-hoc data deletion request and reminds them of their responsibility to purge any data associated with that customer under their control.
2. Kolide’s application runs an automated background processing job which will purge the production database of recently terminated customer’s data by eliminating their segregated tenant.
3. Kolide manually checks that customer data has been purged by checking a terminated customer list against the live database.
4. Backups that contain data from a terminated customer are disposed as a part of our backup system roll-over process after 30 days.
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack App Directory, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Supports Single Sign On (SSO) with the following providers
All SAML based SSO Providers are supported
Supports Security Assertion Markup Language (SAML)