Data Protection and Encryption

How does Monte Carlo protect customer data overall?

Monte Carlo implements layered data protection controls that include encryption, logical separation, strong authentication, and continuous monitoring. All systems handling customer data follow secure configuration baselines, in alignment with CIS best practices.


What encryption standards are used for data at rest and in transit?

Monte Carlo uses industry-standard encryption across all environments:

  • Data at rest – encrypted using AES-256.
  • Data in transit – encrypted using TLS 1.2 or higher with strong cipher suites.

Encryption keys and certificates are managed through secure, audited key management systems.

Are company laptops encrypted?

Yes. All Monte Carlo-managed mobile devices are encrypted and configured according to corporate security policies. Device management software enforces full-disk encryption, strong passwords, screen lock, and remote wipe capabilities.


Are backups encrypted?

Yes. All data backups are encrypted using the same standards as noted above.


Do you use secure file transfer to share customer data with authorized third parties?

Monte Carlo uses secure, encrypted file transfer mechanisms (such as SFTP or HTTPS/TLS) whenever customer data must be exchanged with authorized third parties. In most cases, customer data access is limited to in-platform processing — file transfers occur only under explicit agreement or support circumstances.


Is a data flow map available?

Yes. Monte Carlo maintains an internal data flow diagram that documents the movement, processing, and storage of customer data across systems. This diagram is reviewed as part of annual compliance audits and is available to customers under NDA upon request via the Trust Center.


Are end-user devices used to transmit or process customer observability data?

No. End-user devices such as employee laptops or phones are not used to store, process, or transmit customer observability data. All customer observability data access occurs through secure, monitored cloud infrastructure or approved support systems that meet encryption and access control standards.

Monte Carlo employees are authorized to use end-user devices (such as phones) to access approved tooling such as Slack and email.


How are encryption keys managed and rotated?

Monte Carlo enforces a formal Cryptography and Key Management Policy that governs key generation, rotation, and revocation.

  • Keys used for encryption at rest are rotated periodically and on schedule triggers.
  • Key access is restricted to authorized personnel only.
  • All key operations are logged and monitored as part of internal security reviews.

Does Monte Carlo support customer-managed encryption keys?

Yes. Monte Carlo offers deployment models that support stronger customer control over encryption. In dedicated or hybrid hosting configurations, customers may retain ownership of encryption keys or manage encryption layers within their own environment.

In addition, for full SaaS (non-hybrid) customers, Monte Carlo supports self-hosted credentials.

See also: Hosting & Deployments – Monte Carlo Docs; Using self-hosted credentials - Monte Carlo Docs


How is customer data segmented/separated?

Monte Carlo enforces logical separation using unique identifiers and access boundaries within application and database layers. For certain deployment options, such as dedicated instances, customers benefit, where possible, from physical isolation of infrastructure resources.

See also: Dedicated Instance - Monte Carlo Docs


How long is customer data retained, and how is it securely destroyed?

Customer data is retained according to the terms of the customer agreement or configured retention policy. Upon contract termination or customer request, data is securely deleted.


What happens to encryption keys and backups when data is deleted?

When customer data is deleted or an account is terminated:

  • Associated encryption keys are rotated or destroyed.
  • Backup copies containing that data are overwritten or expire according to retention schedules.

This ensures all residual data becomes cryptographically unrecoverable.

How does Monte Carlo ensure data availability and protection during a disaster or outage?

Monte Carlo maintains a Business Continuity (BC) and Disaster Recovery (DR) Plan that ensures customer data remains available and secure during system disruptions.

  • Data is replicated across multiple availability zones.
  • All replication and failover traffic is encrypted.
  • DR testing is conducted at least annually.

For customers with regulatory requirements or higher availability needs, Monte Carlo offers a Dedicated Instance environment where multi-region failover can be enabled.

See also: Dedicated Instance - Disaster Recovery - Monte Carlo Docs