Mattermost | Security
Protecting your data is our
From safeguarding intellectual property to ensuring national security, we help you maintain security, privacy and compliance.
We keep companies around the world secure and compliant
Built for environments with the strictest security, privacy, and compliance requirements.
Mattermost is the world’s most secure platform for developer collaboration. Deployable in on-prem (or air-gapped) environments, leading organizations in the highly-regulated industries such as Government, Healthcare, and Financial Services trust us to help their teams move fast without the lowest risk.
Our Security Architecture & Practices
- Encryption in transit
- Encryption at rest
- Network and security hardening
- System monitoring
- Annual penetration testing
- Manual and automated source code reviews
- Regular security updates delivered to the community prior to public disclosure
Maintain complete control of your data at all times
Data Protection & Information Governance
- Global retention policies
- Compliance exports
- Role-based access control with custom permissions
- Custom terms of service (TOS)
- Block message contents from appearing in mobile application notifications
Identity & Access Controls
- Multi-factor authentication (MFA)
- Session duration configuration
- User and group provisioning via Active Directory and LDAP
- SAML-based single sign-on (SSO)
- Certificate-based authentication (CBA)
- Enterprise mobile management (EMM)
- Block message copy and file download
- Minimum app version
Why security-conscious developers love us
Deployed in Zero Trust environments around the world.
The only self-managed solution for security-conscious developers
- Get a secure, on-premises installation in your data center with layered security options (SSL, VPN and DMZ).
- Own your database (MySQL or PostgreSQL) and manage all internal controls.
- Keep integration connections completely private for tools like Jenkins, Git, and Zoom.
- Host on the secure cloud of your choice such as Azure or AWS — no need to send Active Directory data over a public network.
Secure cloud options keep your digital operations agile & secure
- Receive a dedicated Kubernetes cluster that is fully isolated from other customers.
- Get all the resources required to run the Mattermost application with the highest security standards, including data encryption at rest and in transit.
- Your pre-configured cluster is secure by default, based on industry best practices including encryption, TLS certificates lifecycle management, and automatic security updates.
Security is a top priority for LAIKA, and Mattermost’s self-hosted solution helps us keep our sensitive data and intellectual property secure.
We take security and privacy very seriously, so hosting off-site was not an option.
Many of our larger members could never discuss security issues with each other in real life because their lawyers would go crazy. But because Mattermost provides a secure platform, they can collaborate with other organizations within H-ISAC to solve problems.