Platform Deployment Security & Compliance

Why Enterprises Prefer Cloud-Native Security Automation

Swimlane Turbine is a cloud-scale, low-code security automation platform. We take a deployment-agnostic approach to building software. Swimlane’s cloud architecture is identical to on-premise deployments, only smaller, making it the preferred model for many customers.

Deploy in Days

You can deploy Turbine in the cloud in days versus the months it takes to deploy legacy on-premises SOAR solutions.

Less to Manage

Unlike legacy on-prem SOAR solutions, with Swimlane cloud deployments you will not have infrastructure to manage.

Automatic Upgrades

With new product features released monthly, Swimlane handles the upgrade process so you don’t have to.

SOC 2 Type II Compliance

We have implemented processes, procedures, and practices in order to comply with the most rigorous SOC 2 Type II compliance requirements in terms of how we handle customer data and information. Swimlane Turbine is designed to enable you to securely access and manage your content.


Monitoring & Vulnerability Testing

All Swimlane platform infrastructure is continuously monitored. Internal and external teams regularly test the platform for vulnerabilities

Security Awareness Training

All Swimlane employees are required to attend regular security awareness training, which includes information, policies and procedures related to protecting customer data.

Technical and Physical Controls 

We have implemented a number of controls within the Swimlane Turbine platform and cloud infrastructure that are intended to prevent the disclosure of content or the unauthorized access to content. Turbine has various security features that help ensure the confidentiality, integrity and availability of customer information.


Encryption of Data at Rest and in Motion

We store all passwords and credential data in a secure database. Data in motion is protected using Transport Layer Security (TLS).

Support for SAML/SSO

We support local user account provisioning through Open LDAP, Microsoft Active Directory, and SAML 2.0.

Two-Factor Authentication

2FA is enforced globally, and is required prior to users being able to access Turbine in the cloud.

Role Based Access Controls

RBAC can be applied at every level of objects within Swimlane workspaces, dashboards, reports, applications, records and individual records. More granular controls can be applied down to the individual field level

Controlled Access to Cloud Data

Swimlane restricts access to production systems to a handful of employees. Contractors and third-parties do not have access to any customer production data. We regularly audit the list of employees with access.

Full Data Center Compliance

Swimlane Turbine’s cloud infrastructure is currently hosted out of the US, UK, EU, Singapore, and Australia. All cloud data centers hosting Turbine have achieved compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 9001:2015, and CSA STAR CCM v3.0.1. They have also completed the following examinations:

* SSAE 16
* SOC 1 Type II
* SOC 2 Type II

Open for Feedback

We welcome reports from security researchers and experts about possible security vulnerabilities in our product. To report a security vulnerability in Swimlane, please send details to [email protected]. We do not have a bug bounty program.

Ready to Get Started?

Request a Demo