We understand that security is your priority. It’s ours, too. That’s why we use advanced security technology to help protect your users and company data.
All connections to Yammer are secured via SSL/TLS. Any attempt to connect over HTTP is redirected to HTTPS.
If your servers support TLS encrypted email, any data sent from Yammer by email will be delivered using encrypted transport.
Yammer is built according to secure development best practices with security reviews incorporated throughout the design, prototyping and deployment process.
We classify and treat all data as confidential, using inbound and outbound low-level logical firewalls to ensure that data cannot be leaked between Yammer networks. Sensitive production data is never migrated or used outside of the production network.
Yammer’s web application servers are physically and logically separated from servers that store customer data.
Yammer runs on hardened Linux servers. Externally exposed critical patches are addressed within 24 hours.
Yammer’s offsite SSAE16 SOC1 data center provides 24/7/365 video surveillance, biometric and pin-based locks, strict personnel access controls and detailed visitor entry logs.
We routinely run internal and external vulnerability scans and penetration tests and work with third-party firms for in-depth quarterly security reviews.
Your data is backed up multiple times a day and protected with strong encryption on disk. Backups are transferred off-site over SSH and properly deleted after six months.
Yammer supports SAML 1.1/2.0-based SSO on all web, desktop and mobile clients.
Set password policies for length, expiration and complexity to match your company password policies.
Session management tools let admins see the devices users are logged into, and log them out if needed. Admins can close open sessions for any users in their network by destroying OAuth tokens.
Restrict access to a specified IP range so that your network is only accessible in designated physical locations or through your organization’s VPN.
If you would like more information on our security policy or if you would like to report a security issue, contact us.