Security

Monte Carlo's team implements industry best practices across the board to protect the security of its application, and the data privacy of its customers. The following are only highlights of our security program and system architecture.

Infrastructure Security

Processing is conducted on secure servers hosted on Amazon Web Services (AWS). All storage systems are encrypted, and all servers are tightly access controlled and audited. Data is encrypted at rest and in transit at all times using TLS 1.2+ and AES-256+.

Monte Carlo's service runs on highly available and redundant cloud services provided by AWS, primarily in the US-East-1 region.

Access Control & Authentication

Access to all critical systems and production environments is protected by strong passwords and multi-factor authentication, with SSO used where possible for centralized control. Access is reviewed before being granted and re-validated quarterly.

Monte Carlo will access your environment from a small list of static IP addresses, allowing you to control network-level access to your data.

Data Handling & Device Security

For debugging or maintenance, only a minimal number of engineers may access the data necessary for the task. All employees use encrypted laptops and must remove data from devices once work is complete. Laptop security policies are enforced via mobile device management (MDM).

Testing & Validation

An annual penetration test is performed to identify vulnerabilities and validate security posture. The latest penetration test and remediation reports are available on our Trust Center.