You're vouching for us to your clients. Here is exactly how Avistar touches their environments, what we store, and what we never do.
Scanning uses read-only, least-privilege credentials scoped to identity and access metadata. Discovery never writes to a client environment.
Nothing is deployed inside client infrastructure. There is no software to patch, monitor, or explain to a client's IT team.
Automated fixes run only through approval workflows your team controls. Every action is attributed, logged, and reversible where the cloud provider allows it.
Data is encrypted in transit and at rest. Credentials are stored in a dedicated secrets manager, never in application code or logs.
We collect identity and access metadata, not your clients' business data. Access inside Avistar follows least privilege with audit trails.
Our platform maps findings to ISO 27001, SOC 2, NIST, FedRAMP, and HIPAA access controls, and we build our own program against the same bar. Documentation, including our security whitepaper and SOC 2 program status, is available to partners under NDA.
Send them our way. We'll join the call or answer the security questionnaire directly.