Secure and Compliant


Ensure internal and cross-company communications remain secure and compliant with Symphony's unique customer-owned key infrastructure and Admin Portal.

Do you know who has access to your company’s data?

View Infographic
Security and Compliance: Secure Messaging Software | Symphony

Safeguard your information

State-of-the-art encryption with customer-owned keys keeps your data safe, whether communicating within an organization or across enterprises.

Comply with global regulations

Establish information barriers, create expression filters, assign entitlements, monitor rooms, and export content into regulatory record archives via Symphony’s Admin Portal.

Secure Enterprise Messaging & Secure Messaging Platform | Symphony
EU-U.S. Privacy Shield &
EU-Swiss Privacy Shield
Verasafe™ Privacy Program member
FS-ISAC Affiliate Member
Symphony has implemented security controls that comply with the HIPAA Security Rule. These controls are also independently audited in Symphony's SOC 2+ Report.
View our GDPR Whitepaper for information about Symphony’s strategy for complying with the EU General Data Protection Regulation.

Security & Compliance Certifications

At Symphony, we understand the importance of an independent opinion, especially for something as important as security & compliance.

Symphony holds a number of independent certifications over our security and privacy controls, and bases its security program on NIST and ISO standards.

View our Privacy Policy for more information.

Deploy mobile with confidence

Connect the Symphony mobile app to your existing Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions.

Secure Messaging for Business: Secure Team Collaboration | Symphony

“One would assume that if the traffic is encrypted both at rest and in transit, that is sufficient. The fact is, it’s not.”

Zeus Kerravala, ZK Research

Read the complete white paper →

Have Questions?

  • Security overview
  • Differentiation
  • Encrypted search
  • Mobile security
  • Data ownership
  • SOC certification

How does Symphony keep my information secure?

Security is at the core of our collaboration platform.

We architected security into Symphony from the ground-up. We pioneered end-to-end encryption in our enterprise-class cloud-based collaboration service to keep your data secure in the cloud. We encrypt your content as soon as the user presses send, and never decrypt it until it reaches the intended recipients. With the Symphony Enterprise offer, we give you full physical and exclusive control of encryption keys – thereby ensuring that neither Symphony nor hackers can decrypt your content.

We have rigorous security policies that are informed by ISO 27001. Our dedicated security team and independent third parties evaluate and test the security of our service. We conduct thorough vulnerability scanning and harden our systems with penetration testing. Certifications such as SOC 3 and SOC 2 Type II demonstrate our robust security controls.

Our enterprise-class Administration and Compliance Portal provides granular controls for deploying and managing security capabilities such as Single Sign-On, Mobile Device Management (MDM), two-factor authentication and more. Symphony interoperates with third-party MDM solutions. The Administration and Compliance Portal also provides capabilities to export content for archiving and e-discovery.

With Symphony, you get end-to-end security that is architected into the service from the ground-up, not painted on as an afterthought.

How is Symphony’s security architecture differentiated?

Competing cloud-based collaboration platforms have gaps in encryption. They encrypt data at rest and in motion. But this is not end-to-end encryption. Your data is repeatedly decrypted in the cloud, which exposes the data to service providers and potentially to hackers. Once decrypted, your data can be scraped, shared, used or hacked.

The Symphony Enterprise offer provides end-to-end encryption which helps alleviate these issues:

  • Encrypt at origin: Symphony encrypts content as soon as the user presses send.
  • Decrypt at destination: Content is never decrypted until it reaches the intended recipients.
  • Get full physical and exclusive control of keys with an on-premise deployment of Hardware Security Modules; this means neither Symphony nor hackers can decrypt your content.

How is Symphony’s security approach stronger than Bring-Your-Own-Key (BYOK) and customer-controlled key management solutions?

Some other collaboration tool providers equate BYOK and customer-controlled key management solutions with end-to-end encryption. But this is not the real story, and still leaves a large security concern. BYOK solutions provide customers the ability to use their keys for encryption. However, the customers are required to load the keys to the cloud. The solution provider uses the keys to decrypt messages and files on cloud servers at runtime for processing. This typically exposes the messages and files in clear text in the cloud, making them more prone to hacking.

Symphony offers true end-to-end encryption in that our enterprise customers have full, physical and exclusive access to keys. We do not decrypt objects on cloud servers. The keys are not only created by the customers but remain entirely in the hands of the customers. So, even if the cloud service is breached, the keys remain safe because they aren't even in the cloud.

Does Symphony decrypt customer’s data to execute search queries?

No. Symphony has developed a unique encrypted search solution that ensures your data remains encrypted for executing search queries.

Does a mobile user benefit from end-to-end encryption?

Yes. Symphony’s end-to-end encryption model works for our desktop, browser and mobile clients.

Who owns the information that employees post in Symphony?

The information that your company’s employees post in Symphony generally belongs to your company. Your administrators can export data for archiving at any time with the Content Export feature available in Symphony Administration and Compliance Portal.

Do you have SOC certification?

Yes. Symphony has SOC 2 Type II and SOC 3 certifications.