ON THE FRONT LINE

Security and compliance at Ably

As a provider of serious, serverless realtime messaging infrastructure, we bake security into everything we do. From network-level attack mitigation to individual message-level encryption, you never need to worry about security and compliance.

SAFETY IN NUMBERS

Encryption


  • SSL/TLS encryption available for every customer.
  • 256-bit AES encryption available using your private key, meaning no one, not even Ably, can read your messages without your private key.
  • All client-to-server communication is secured by SSL/TLS, ensuring server-to-server communication is always secure.

CONSTANT VIGILANCE

DoS protection


  • We can detect and deny invalid connection attempts at the edge of our network, ensuring our core infrastructure is unaffected.
  • Our near-limitless scale means we can mitigate huge increases in traffic and defend against DDoS attacks, so you benefit from our scale as attacks have no effect on your own servers.
  • Low TTLs on DNS routing mean we can route real users away from data centres under attack.
  • We rate limit requests by account, app, token, key and IP address.

BECOME THE KEYMASTER

Authentication


  • Token-based authentication, including JWT support, ensures API keys remain private, and compromised tokens have limited value because of their expiration.
  • Support for basic authentication over SSL/TLS connections for authentication convenience.

ALWAYS IN CONTROL

Privilege-based access



REST ASSURED

Compliance





  • SOC 2 Type 2

    Ably regularly completes audits of our product, infrastructure, and policies to the satisfaction of the SOC 2 Type 2 standard.

  • HIPAA

    Ably offers HIPAA BAA agreements to companies in the healthcare industry that must comply with regulations for safeguarding.


EU GDPR-compliant

  • Any usage of personal data is communicated with the proper consent.
  • Personal data is properly collected, stored, and documented.
  • Relevant processes are followed for transfers of personal data outside the European Union.
  • For more information, see our data protection and privacy policies.

EU and US-only data storage

  • Control routing of your data streams.
  • Store data and realtime messages solely within the EU or US.
With approximately 290,000 passenger trips a day it is vital that Metra deliver real-time updates for train arrival information. With the tools made available by Ably, Metra is able to deliver real-time data to customers quickly, dependably, and cost effectively, which prove beneficial for both Metra and Metra passengers.

Cherie Kizer

CIO / Metra