Security and Trust Center

A new paradigm for SaaS. Your customers keep their data with trusted Private SaaS. Private SaaS has many names from “Hybrid On-premise” to “Bring Your Own Cloud” (BYOC).

Overview

Security Compliance

Our SaaS vendors already rely on Tensor9’s Private SaaS platform to deliver their SaaS capabilities to businesses around the world.

SOC 2 Type 2 certification expected in Fall 2024.

Security Architecture and Features

We provide comprehensive security to protect your SaaS code as well as your customer’s data through governance, orchestration, and auditing.

Shared Responsibility Model

Our shared responsibility model outlines the security and compliance obligations of Tensor9, the SaaS vendor, the SaaS customer, and the cloud service provider.

How It Works

Tensor9 seamlessly runs your software in your customer's cloud.

Your SaaS stack in your cloud

Customer’s Private SaaS stack
in their cloud

Customer using their Private SaaS

Security Architecture

Tensor9’s Private SaaS platform architecture is split into three planes to simplify permissions and reduce risk.

Management Plane

Tensor9’s Cloud

Tensor9's management console providing metadata and licensing

Control Plane

SaaS Vendor’s Cloud

Vendor's SaaS stack in Vendor's cloud with Tensor9 controller orchestrating customer software updates, collecting metadata, and providing licensing

Data Plane

Customer’s Cloud

Private SaaS in customer's cloud with Tensor9 controller. Customer interacts solely with their own Private SaaS instance.

Security Features

We provide security to protect vendor data and workloads, such as encryption, network controls, data governance and auditing.

Vendor-managed Keys

  • Gain control of your intellectual property with encryption and vendor-managed keys

Customer Control

  • Customer’s data never leaves the customer’s cloud

Auditing

  • Customers can decrypt and inspect inbound and outbound traffic for expected data

Private Link

  • Connect privately between all Planes with Private Link or Direct Connect

Restricted Access

  • Tensor9 production access to Vendor’s Tensor9 controller is restricted to when the vendor allows it

  • Similarly, Vendor’s production access to Customer’s Tensor9 controller is restricted to when the customer allows it

Zero Trust

  • Tensor9 enables customer Private SaaS deployments to deploy as a closed ecosystem with explicit connectivity and access controls

  • Private SaaS’s internet access always goes through a customer owned and configured firewall, such as AWS Network Firewall or the customer’s own security appliance

Encryption

  • All communication between planes are encrypted

  • Data plane supports local data storage encryption for vendor’s intellectual property

  • Customers can use encrypted storage buckets for customer data

Shared Responsibility Model

Security and compliance are a shared responsibility between Tensor9, the SaaS Vendor (“Vendor”), the SaaS Vendor’s customer (“Customer”), and the cloud service provider (“CSP”) such as AWS, GCP, or Azure.

CSPs also have formalized their shared responsibility models (AWS, Azure, GCP). Tensor9 is responsible for developing and maintaining the code and infrastructure to deploy the Vendor’s software to Customer environments.

The shared responsibility provides the flexibility and both Vendor and Customer control to their risk appetite.

  • Vendor responsibility “Security in the Application” - the Vendor is responsible for developing, maintaining, and protecting the assets that make up the Vendor’s SaaS offering such as models, application code, and infrastructure code. 

  • Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the Vendor and Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.

  • CSP responsibility “Security of the Cloud” - the CSP is responsible for protecting the infrastructure that runs all of the services offered in the Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run Cloud services.

Cloud Service Provider

Details

SaaS Vendor

SaaS Customer

Customers control their data.

Their data never leaves their cloud.

Ready to see Tensor9 in action?

Get a personalized demo.