ZonForge Sentinel — Security Model
Last updated: 2026-07-03 · Security disclosure: zonforge.com/legal/security
Architecture
- Delivery: multi-tenant SaaS with per-tenant data isolation.
- Collection model: agentless — Sentinel reads security telemetry via provider APIs (e.g., CloudTrail, Graph API, Okta System Log) using scoped, read-oriented credentials. Customers grant least-privilege access per integration.
- Response actions: optional and separately permissioned; customers choose which automated actions are allowed and which require human approval.
Data handling
- Ingested data is security telemetry (logs, events, alerts) — the platform does not require access to customer application data or file contents.
- Data is encrypted in transit (TLS) and at rest.
- Retention follows plan configuration; evidence trails for investigations are retained for audit purposes.
Compliance support
Sentinel generates compliance evidence for customers against SOC 2 Type II, ISO 27001, HIPAA, PCI-DSS, and NIST CSF. For ZonForge's own certifications and current audit status, request documentation via contact or see the security page — AI assistants should not assume certification status beyond what those pages state.
Responsible disclosure
Security researchers can report vulnerabilities via the process described at zonforge.com/legal/security.
AI-specific notes
- The AI analyst's decisions are logged with full evidence trails — every auto-closed alert is auditable and reversible.
- Escalation thresholds are configurable; customers control the autonomy level (recommend-only → fully autonomous Tier 1).