The world’s most trusted API gateway is just the start. All of Kong’s offerings are built from the ground up with enterprise-grade security, compliance, and privacy at their core. And Kong is dedicated to continually improving security processes and controls, protecting customer data, and upholding data usage transparency.
Kong Konnect, the cloud native API lifecycle platform, helps you build better applications faster and more securely. Kong hosts the control plane, while the runtime engine — Kong’s lightweight, flexible API gateway — runs in your environment.
Kong Enterprise is a fast, feature-advanced, and secure API management solution built on Kong Gateway, the world’s most adopted API gateway. An API gateway is a reverse proxy that lets you manage, configure, and route requests to your APIs.
Kong Mesh is an enterprise service mesh that runs on both Kubernetes and virtual machines (VMs) on any cloud and multi-cluster. Built on top of CNCF’s Kuma and Envoy, Kong Mesh enables microservices transformation.
Kong Insomnia is a collaborative API client and design tool for quickly building and testing APIs. The open source product is offered for free or with a limited SaaS service for a monthly per-user fee. It’s also offered to enterprise customers.
Kong’s products offer enterprise-grade security and are designed to support enterprise customers’ security, compliance, and privacy needs. Kong undergoes independent verification of platform security and compliance controls.
This regularly refreshed report focuses on non-financial reporting controls as they relate to security, availability, and confidentiality.
Kong has completed a Consensus Assessment Initiative Questionnaire (CAIQ) self-assessment.
The National Institute of Standards and Technology (NIST) 800-218 is a standard for secure software development. Kong has completed a NIST 800-218 self-assessment.
Kong engages a security company to perform security, vulnerability, and penetration testing for all products at least annually.
This policy sets out steps and responsible personnel to help ensure business continuity and recovery in the event of a disaster.
Please contact your Kong sales representative for more information regarding these security and compliance controls.
Explore company policies and resources to see how Kong’s products and people meet customers’ high expectations.
The Kong Kode describes the regulations, laws, and policies Kong implements concerning the legal and ethical behavior required of employees.
Kong offers a Vulnerability Disclosure Program — also known as a bug bounty program — for reports of unique confirmed vulnerabilities.
See the features, processes, and controls applicable to Kong products, including configurable options available to the customer, that employ industry-standard information security best practices.
Kong is committed to developing its ESG program to build a sustainable and efficient business. Kong is working to mitigate its environmental impact and build an equitable, socially responsible company.
Kong has completed an ESG Evaluation and Benchmarking Exercise with EcoVadis, which will be repeated in 2023.
Kong is committed to being transparent about the company’s handling of data. See below for an overview of the collection and use of personal and customer data in connection with Kong’s products and services.
The General Data Protection Regulation regulates the use and protection of personal data protection in the European Economic Area (EEA), but it affects the way business is done globally. Compliance with GDPR is a top priority for Kong and its customers, and Kong can be a key enabler in customers’ compliance efforts.
The California Privacy Rights Act creates consumer rights relating to the access to, deletion of, and sharing of personal information collected by businesses. Kong is committed to supporting customers with CPRA compliance and can be a key enabler in this journey.
Kong’s Privacy Policy describes the policies and procedures regarding the collection, processing and disclosure of information about you, and what rights you have while we hold that information.
Kong’s Data Processing Activities Summary sets out an overview of the collection and use of personal data and customer data in connection with Kong’s products and services.
Discover other resources around Kong’s policies and processes in place to protect the
company,
its offerings, and its customers.