How We Ensure PagerDuty is Secure for our Customers

PagerDuty emphasizes the importance of security in protecting customer data and ensuring secure communication, given their focus on high availability and the challenges of maintaining robust security in a dynamic, distributed, and fault-tolerant environment. The company employs several best practices, including establishing flexible internal security standards, securing systems by default to enforce consistency, and adopting a provider-agnostic approach to avoid vendor lock-in. They utilize commonly available Linux tools and Chef for security tooling, centralize policy management while distributing enforcement across network nodes, and constantly validate their security measures through active monitoring and alerting to quickly address issues. This blog post is the first in a series that delves into the strategies and techniques used by PagerDuty’s Operations Engineering team to secure their platform.