As a provider of serious, serverless realtime messaging infrastructure, we bake security into everything we do. From network-level attack mitigation to individual message-level encryption, you never need to worry about security and compliance.
SAFETY IN NUMBERS
SSL/TLS encryption available for every customer.
256-bit AES encryption available using your private key, meaning no one, not even Ably, can read your messages without your private key.
All REST-based communication is secured by SSL/TLS, ensuring server-to-server communication is always secure.
We can detect and deny invalid connection attempts at the edge of our network, ensuring our core infrastructure is unaffected.
Our near-limitless scale means we can mitigate huge increases in traffic and defend against DDoS attacks - so you benefit from our scale as attacks have no effect on your own servers.
Low TTLs on DNS routing mean we can route real users away from data centres under attack.
We rate limit requests by account, app, token, key and IP address.
BECOME THE KEYMASTER
Token-based authentication, including JWT support, ensures private keys remain private, and compromised tokens have limited value because of their expiration.
Support for basic authentication over SSL/TLS connections for authentication convenience.
Policies can assign privileges to access any number of channels, and assign subscribe, publish, register presence, or access statistics rights.
SOC 2 Type II
Ably is in the process of completing a formal third-party SOC 2 Type II audit of our product, infrastructure, and policies. We expect to achieve formal certification by March 2020.
Ably offers HIPAA BAA agreements to companies in the healthcare industry that must comply with regulations for safeguarding.
Ably's info-sec systems are designed and implemented to provide a robust monitoring framework. We are in the process of completing formal third-party certification for ISO27001. We expect to achieve formal certification by March 2020.
Any usage of personal data is communicated with the proper consent.
Personal data is properly collected, stored, and documented.
Relevant processes are followed for transfers of personal data outside the European Union.
For more information, see our data protection and privacy policies.
EU and US-only data storage
Control routing of your data streams.
Store data and realtime messages solely within the EU or US.