Optimizely response to Ukraine invasion

We at Optimizely, as with most of the world, are greatly saddened by the events and invasion of Ukraine on Thursday the 24th of February. Our thoughts are immediately with those affected by the conflict and hope for civility, logic, and peaceful resolution prevail. While we do not employ people or have operations in Ukraine, Belarus or Russia, we stand in solidarity with our employees, partners and customers. We are committed to financial support for emergency preparedness of employees in neighboring territories, as well as support for those employees with family affected with temporary relocation assistance, increased time off and additional mental health resources.

That said, Optimizely is anticipating and prepared for the increased risk of Cyberattacks stemming from conflicts in the Ukraine and retaliation for Russian and Belarusian sanctions by other nations. In addition, our business continuity planning is continuously being improved and is ready for activation should this event spread beyond its current borders.

We have robust technical and organizational measures (TOMs) deployed across our corporate infrastructure and customer facing services that protect against disruption of your business.  While there remain many unknowns about the extent and nature of potential threats, we are confident that we are well prepared to defend against attacks.

 

We specifically have the following technical measures in place

  • Cloud Distribution Networks (CDNs) to protect against DDOS, URL Injection and Bot protection.
  • Continuous monitoring of service performance
  • Security monitoring of our external surface area
  • Secure-by-design practices in our development lifecycle
  • Third-Party testing of our infrastructure
  • Continuous internal vulnerability testing
  • An ethical hacker program to identify emerging vulnerabilities
  • Multi-factor authentication for our business-critical environments
  • Logical segregation between customer data

We have taken the following additional measures to mediate the heightened risk level

  • Additional awareness and measures to protect against social engineering of our employees
  • Identification of any high-risk customers which need additional focus
  • Isolation of our infrastructure from any staff in the impacted areas
  • Compliance with any sanctions impacting Optimizely services
  • Increased monitoring and awareness of any incidents which may occur including those reported externally
  • Increased staffing and response time for our Security Incident management team
  • Planning for any widespread attack that other countermeasures do not contain

There is more detail about our Security Program on the Optimizely Trust Center
We will update this page periodically as events progress. 

Latest update March 2, 2022