Secure and Compliant

Ensure internal and cross-company communications remain secure and compliant with Symphony's unique customer-owned key infrastructure and Admin Portal.

Do you know who has access to your company’s data?

View Infographic
Security and Compliance: Secure Messaging Software | Symphony

Safeguard your information

State-of-the-art encryption with customer-owned keys keeps your data safe, whether communicating within an organization or across enterprises.

Comply with global regulations

Establish information barriers, create expression filters, assign entitlements, monitor rooms, and export content into regulatory record archives via Symphony’s Admin Portal.

Secure Enterprise Messaging & Secure Messaging Platform | Symphony
EU-U.S. Privacy Shield &
EU-Swiss Privacy Shield
Verasafe™ Privacy Program member
FS-ISAC Affiliate Member
Symphony has implemented security controls that comply with the HIPAA Security Rule. These controls are also independently audited in Symphony's SOC 2+ Report.
View our GDPR Whitepaper for information about Symphony’s strategy for complying with the EU General Data Protection Regulation.

Security & Compliance Certifications

At Symphony, we understand the importance of an independent opinion, especially for something as important as security & compliance.

Symphony holds a number of independent certifications over our security and privacy controls, and bases its security program on NIST and ISO standards.

View our Privacy Policy for more information.

Deploy mobile with confidence

Connect the Symphony mobile app to your existing Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions.

Secure Messaging for Business: Secure Team Collaboration | Symphony

“One would assume that if the traffic is encrypted both at rest and in transit, that is sufficient. The fact is, it’s not.”

Zeus Kerravala, ZK Research

Read the complete white paper →

Have Questions?

  • Security overview
  • Differentiation
  • Encrypted search
  • Mobile security
  • Data ownership
  • SOC certification

How does Symphony keep my information secure?

Security is at the core of our collaboration platform.

We architected security into Symphony from the ground-up. We pioneered end-to-end encryption in our enterprise-class cloud-based collaboration service to keep your data secure in the cloud. We encrypt your content as soon as the user presses send, and never decrypt it until it reaches the intended recipients. With the Symphony Enterprise offer, we give you full physical and exclusive control of encryption keys – thereby ensuring that neither Symphony nor hackers can decrypt your content.

We have rigorous security policies that are informed by ISO 27001. Our dedicated security team and independent third parties evaluate and test the security of our service. We conduct thorough vulnerability scanning and harden our systems with penetration testing. Certifications such as SOC 3 and SOC 2 Type II demonstrate our robust security controls.

Our enterprise-class Administration and Compliance Portal provides granular controls for deploying and managing security capabilities such as Single Sign-On, Mobile Device Management (MDM), two-factor authentication and more. Symphony interoperates with third-party MDM solutions. The Administration and Compliance Portal also provides capabilities to export content for archiving and e-discovery.

With Symphony, you get end-to-end security that is architected into the service from the ground-up, not painted on as an afterthought.

How is Symphony’s security architecture differentiated?

Competing cloud-based collaboration platforms have gaps in encryption. They encrypt data at rest and in motion. But this is not end-to-end encryption. Your data is repeatedly decrypted in the cloud, which exposes the data to service providers and potentially to hackers. Once decrypted, your data can be scraped, shared, used or hacked.

Bring-Your-Own-Key solutions are inadequate – you lack exclusive possession of keys, and your data can be decrypted in the cloud.

The Symphony Enterprise offer provides end-to-end encryption which helps alleviate these issues:

  • Encrypt at origin: Symphony encrypts content as soon as the user presses send.
  • Decrypt at destination: Content is never decrypted until it reaches the intended recipients.
  • Get full physical and exclusive control of keys with an on-premise deployment of Hardware Security Modules; this means neither Symphony nor hackers can decrypt your content.

Does Symphony decrypt customer’s data to execute search queries?

No. Symphony has developed a unique encrypted search solution that ensures your data remains encrypted for executing search queries.

Does a mobile user benefit from end-to-end encryption?

Yes. Symphony’s end-to-end encryption model works for our desktop, browser and mobile clients.

Who owns the information that employees post in Symphony?

The information that your company’s employees post in Symphony generally belongs to your company. Your administrators can export data for archiving at any time with the Content Export feature available in Symphony Administration and Compliance Portal.

Do you have SOC certification?

Yes. Symphony has SOC 2 Type II and SOC 3 certifications.