The world’s most trusted API gateway is just the start. All of Kong’s offerings are built from the ground up with enterprise-grade security, compliance, and privacy at their core. And Kong is dedicated to continually improving security processes and controls, protecting customer data, and upholding data usage transparency.
Kong Konnect is an API lifecycle management platform designed from the ground up for the cloud native era and delivered as a service. This platform lets you build modern applications better, faster, and more securely. The control plane is hosted in the cloud by Kong, while you can choose to either host the data plane yourself in your preferred network environment or let Kong manage it for you in the cloud. Learn more here.
Kong Gateway Enterprise is a fast, feature-advanced, and secure API management solution built on Kong Gateway, the world’s most adopted and performant API gateway. An API gateway is a reverse proxy that lets you manage, configure, and route requests to your APIs.
Kong Mesh is an enterprise service mesh that runs on both Kubernetes and virtual machines (VMs) on any cloud and multi-cluster. Built on top of CNCF’s Kuma and Envoy, Kong Mesh enables microservices transformation.
Kong Insomnia is a collaborative API client and design tool for quickly building and testing APIs. The open source product is offered for free or with a limited SaaS service for a monthly per-user fee. It’s also offered to enterprise customers.
Kong’s products offer enterprise-grade security and are designed to support enterprise customers’ security, compliance, and privacy needs. Kong undergoes independent verification of platform security and compliance controls.
This regularly refreshed report focuses on non-financial reporting controls as they relate to security, availability, and confidentiality.
Kong has completed a Consensus Assessment Initiative Questionnaire (CAIQ) self-assessment.
The National Institute of Standards and Technology (NIST) 800-218 is a standard for secure software development. Kong has completed a NIST 800-218 self-assessment.
Kong engages a security company to perform security, vulnerability, and penetration testing for all products at least annually.
This policy sets out steps and responsible personnel to help ensure business continuity and recovery in the event of a disaster.
Kong Gateway Enterprise has attained Level 3 (hardened build) under the Supply Chain Levels for Software Artifacts (SLSA) Version 1.0 framework.
Kong Gateway Enterprise is available with a cryptographic algorithm validated through the NIST Cryptographic Algorithm Validation Program (CAVP).
Kong has received a Report on Compliance (RoC) by a PCI Qualified Security Assessor for Kong’s Attestation of Compliance – Merchant for Kong Konnect
Please contact your Kong sales representative for more information regarding these security and compliance controls.
Explore company policies and resources to see how Kong’s products and people meet customers’ high expectations.
The Kong Kode describes the regulations, laws, and policies Kong implements concerning the legal and ethical behavior required of employees.
Kong offers a Responsible Disclosure Program to encourage the good-faith reporting of security vulnerabilities. Researchers who follow our guidelines will not face legal action and may be publicly acknowledged for their contributions.
Kong maintains a Bug Bounty Program for unique, high-impact vulnerabilities within its scope. Eligible submissions may be rewarded based on severity, quality, and novelty.
See the features, processes, and controls applicable to Kong products, including configurable options available to the customer, that employ industry-standard information security best practices.
Kong is committed to developing its ESG program to build a sustainable and efficient business. Kong is working to mitigate its environmental impact and build an equitable, socially responsible company.
Kong has completed an ESG Evaluation and Benchmarking Exercise with EcoVadis, which will be repeated again in 2024.
Kong is committed to being transparent about the company’s handling of data. See below for an overview of the collection and use of personal and customer data in connection with Kong’s products and services.
The General Data Protection Regulation regulates the use and protection of personal data protection in the European Economic Area (EEA), but it affects the way business is done globally. Compliance with GDPR is a top priority for Kong and its customers, and Kong can be a key enabler in customers’ compliance efforts.
The California Privacy Rights Act creates consumer rights relating to the access to, deletion of, and sharing of personal information collected by businesses. Kong is committed to supporting customers with CPRA compliance and can be a key enabler in this journey.
Kong’s Privacy Policy describes the policies and procedures regarding the collection, processing and disclosure of information about you, and what rights you have while we hold that information.
Kong’s Data Processing Activities Summary sets out an overview of the collection and use of personal data and customer data in connection with Kong’s products and services.
Discover other resources around Kong’s policies and processes in place to protect the
company,
its offerings, and its customers.