The Secure Way to Debug in Production

Ensuring your assets stay yours

Founded and run by cybersecurity experts, Lightrun is committed to the security and privacy of your code and data.

ISO 27001 Compliant

Agile deployment models: on-premise or customer private cloud

Lightrun does not have access to your source code

All communication is encrypted

Authentication and access management

Role based access control (RBAC) and single sign-on

Audit trail and logs

Self-defense mechanisms and PII redaction

Secure product development lifecycle

Monitoring & incident response

Physical security

How we protect your data

ISO 27001 Compliant

Lightrun is ISO 27001 compliant. The policies are approved by Lightrun management at least annually and communicated to employees on a regular basis as part of the security awareness program, which covers various types of security-related training modules. Lightrun is actively working to formally obtain certification with the leading international industry security standards, such as ISO 27001 and SOC 2. In some cases, Lightrun may process basic personal data relating to data subjects in the EU (full name, business email); in such cases, Lightrun adheres to the EU General Data Protection Regulation (GDPR).

Lightrun Does Not Have Access to Your Source Code

Lightrun works within the developers' existing IDE, so the customer's source code does not leave the customer's infrastructure. Only the customer has access to the source code, at all times. The Lightrun architecture ensures the customer manages the code and Lightrun's components end-to-end effortlessly. The Lightrun Sandbox ensures no changes to the code state, and thresholds cap usage overhead.

Authentication and Access Management

Only registered, authenticated and authorized users are able to access and leverage Lightrun. Upon installation of the Client Plugin, users undergo a self-service registration process in which a unique username and password are created. Lightrun uses an Identity and Access Management framework and enforces a strict password policy with a minimum length of 8 characters and full complexity. Passwords are stored hashed and salted, in accordance with NIST requirements.

Once logged in, each user is provisioned with a unique JWT. The Client component and users communicate with Lightrun using a short-lived JWT that requires re-authentication once in a defined period.

Audit Trail and Logs

Lightrun activity, actions and changes are logged to enable auditing.

Secure Product Development Lifecycle

Lightrun invests significant efforts to help ensure its product and system components are well protected and in alignment with the security industry’s best practices. Once a year, critical components within the Lightrun product undergo a Secure Design Review. In addition, all system components undergo security penetration tests on a regular basis by an independent third party, and the source code is scanned with static code analysis tools to help proactively identify potential security vulnerabilities. The Lightrun internet-facing components undergo vulnerability scans on a daily basis to help proactively identify potential issues.

Agile Deployment Models: On-premise or Customer Private Cloud

Lightrun is installed in an on-premise mode within the organizational network or through a private cloud via Docker or Kubernetes. The customer IT or DevOps team is responsible for the ongoing maintenance, as with any other internal/local resource. In addition, all existing organizational security controls and policies automatically apply to all of Lightrun’s components.

Encrypted Communication

The communication between all Lightrun components and the management server is always established over industry standard TLS 1.2 encrypted channels. Certificate pinning is utilized both in the agent and the client.

Role Based Access Control (RBAC) and Single Sign-on

Lightrun provides several types and levels of roles to help support granular management and segregation of duties. The roles introduce various permission levels: System Administrator (the highest level), Manager, and Standard User. In addition, Lightrun is actively developing a Single Sign-On module to help customers leverage the existing organizational user directory and repository.

Self-Defense Mechanisms and PII Redaction

The Lightrun agent has a built-in sandbox mechanism designed to help achieve minimal impact and prevent any unwanted side effects. In addition, Lightrun supports file and function level blacklisting, which allows the system administrators to restrict access to certain resources or use the Personal Data Fencing feature to restrict access to certain types of PII or sensitive data. As an additional security best practice, the Lightrun agent files can and should be placed in a path with read-only permissions to further reduce the risk.

Monitoring & Incident Response

Critical infrastructure components and services within Lightrun generate logs and audit trails. Alerts are generated based on severity and addressed by the relevant stakeholder or team within Lightrun.

Physical Security

Access to Lightrun facilities is restricted to authorised staff. Data center security is fully controlled by Amazon, as the providers of Lightrun’s hosting facilities and infrastructure. All data centers include multiple top-tier security controls, such as biometric identification, cameras, vehicle barriers and advanced intrusion detection systems. For more details, see here.

Contact us for any more security and privacy questions