Security information

🇫🇷 Hosting

All of our data and application is hosted in France on AWS Servers (eu-west-3).

🔐 Compliance

☁️ Sub-Providers

Our main sub-providers are : AWS (cloud), Google (IdP), Microsoft (IdP), Okta (IdP), Github (Version Control)

⚙️ Functional levels

Our solution offers three distinct levels of functionality plus an extra

Premium - Diagnostic:

A one-time in-depth automatic diagnostic to uncover Shadow IT, prevent security risks, cut down on unused tool costs and pinpoint critical concerns.

Anonymous Collection:

This level provides anonymous data collection, tracking usage events such as timestamps and accessed domains across 110,000+ whitelisted domains. It is ideal for environments needing high security with minimal data exposure.

Identified Collection:

In addition to basic monitoring, this level includes identified data collection. It captures user-specific information like email addresses and domain cookies to ensure accurate tracking of user activity. This level also supports integration with major IdPs (Microsoft, Okta, Google) for directory and SSO event synchronization. Examples of outcomes include identifying unauthorized SaaS usage or detecting policy violations based on user activity.

Business Plan - Shadow IT

Manage Shadow IT effortlessly with the Business Package, offering real-time monitoring and proactive protection for all online tools used by your teams.

Enterprise plan - Shadow IT & FinOps:

Streamline SaaS management with the Enterprise package, offering smarter cost control and spend management systems alongside with advanced security features.

Advanced Software Analysis

This specific use case focuses on timely audits and reviews, providing a comprehensive overview of a SaaS real usage—ideal for contract renewals, for example. Deliverables are provided as Excel sheets, offering significantly more data than what is available in Sonar’s web app.

🙅 Data collected :

IdP (Google Workspace, Okta, Microsoft Entra, CSV)

Browser extensions (Chrome, Chromium, Edge, Firefox, Safari)

2000+ integrations

Google Workspace and Microsoft Office 365

🗄️ Recognised Applications:

All applications that are part of our database can be recognised by both the SSO, the browser agent and the emails addons. This whitelist currently contains more than 110,000 apps. This whitelist is also :

• Customizable.

• Weekly updated, especially with new AI tool.

• Can contain custom client URLS for on premise applications accessed via the browser.

📗GDPR Compliance and Validation:

All solutions are GDPR compliant, addressing the stringent data protection requirements of the insurance industry.

The anonymous option is particularly beneficial in security-sensitive environments, as it only collects usage events without personal information. Furthermore, all data traffic is encrypted to prevent leakage in case of interception. Upon receipt, traffic is secured using AWS Cognito resource access control, ensuring no unauthorized access.