Wowza Corporate Security Measures
Wowza has built a culture of security that protects customer and company data through a holistic set of controls, processes, and guidelines. As part of our commitment to delivering secure streaming services and ensuring customer confidentiality, we’ve outlined the security practices governing our infrastructure and day-to-day operations below. In adherence to these practices, we ask that any customer who identifies a vulnerability contact technical support immediately to streamline the mitigation process.
Security Testing and Code Quality Assessments
Wowza uses automated tools to scan our source code for vulnerabilities as well as code errors, which we then remediate in the next release.
Wowza regularly performs third-party penetrations tests to identify vulnerabilities for resolution.
Monthly Security Burn Down Day
Wowza’s Engineering team participates in a once-monthly security-focused day to keep security top of mind and prioritize continuous improvement.
The Wowza Streaming Cloud service leverages two-factor authentication across all access points to protect all access to infrastructure, source code, and cryptographic secrets.
Customer Security Capabilities
Wowza offers a full suite of content protection capabilities for customers to configure in deploying their streaming solutions, however, whether or not this is a priority is at their discretion.
Continuous Monitoring and Incident Response
24/7 Support and Monitoring
Technical support is included with all active monthly subscriptions and maintenance and support contracts.
Wowza System Status
When there is a service-impacting issue, the Wowza System Status page will provide clear and transparent communication to our customers.
Incident Response Plan
Wowza proactively tracks and addresses all incoming security requests in accordance with our incident response plan. Specifically, Wowza’s 24/7 on-call team of engineers triages all incoming security items, updates the NIST database of Common Vulnerabilities and Exposures (CVEs), and documents vulnerabilities and fixes in product release notes.
In providing live streaming infrastructure, Wowza intentionally does not store customer data or gather personally identifiable information (PII) on our own servers.
Access to Wowza’s office location is restricted to authorized employees, contractors, and visitors using badge entry. Building entrances are also monitored via video surveillance.
Wowza maintains a formal Business Continuity and Disaster Recovery plan.