The OpenDNS service has been designed with scale, performance, and security in mind. As the worlds largest cloud security delivery network we take security very seriously and protecting our customers and their data is paramount to the success of the service.
OpenDNS is committed to working with all parties with regards to the responsible reporting of potential vulnerabilities. OpenDNS will respond to all legitimate reports. If you have discovered a potential vulnerability within any of the OpenDNS services, or related to OpenDNS, please report them to our security response team. If possible please include the technical details of the vulnerability, sample code, and how you discovered it. OpenDNS will respect the anonymity of reporting parties. OpenDNS will also publicly give credit to all parties who report responsibly and work with OpenDNS to help validate the problem and the potential fix.
Data Center Security and Compliance
All OpenDNS, and OpenDNS customer, data is stored exclusively at tier 1 data centers provided by Equinix and Amazon Web Services. Both Equinix and Amazon provide best in class security and comply with numerous regulations including, but not limited to:
- Soc 1/SSAE16/ISAE 3402 (Formerly SAS70)
- Soc 2
- ISO 27001
Security Technology Details
Securing the worlds largest cloud delivered security network is about applying the appropriate people, processes, and technology. Additionally it’s important that security be part of the company culture from both top down and bottom up. OpenDNS uses some of the best open source and commercial technologies available in addition to having built and maintained some of the top talent in the industry. All employees in the company play an active role in our security training and processes.
The job of protecting our customers, our network, and the data is never done! Some of the high level technologies we employ include:
- 2 Factor Authentication for Dashboard Access
- Encryption and Access Control
- Firewalls, Intrusion Detection, and Protection
- Auditing and Logging of Customer Dashboard access
- Continual Security Scanning and Testing
- Source code review and bug hunting