Apollo
Trust Center


Endpoint Protection Strategy

Endpoints within Apollo are equipped with state-of-the-art detection and response software to thwart malware and cyber-attacks, providing detailed activity logs, isolation capabilities, and investigative tools. To further secure sensitive data, Data Loss Prevention (DLP) technologies are utilized. Ongoing maintenance of security configurations and system updates is managed through comprehensive Mobile Device Management (MDM).

Enhanced Access Control and Security Protocols

Apollo implements a unified access management system and robust authentication via phishing-resistant FIDO2 MFA for access to our systems and data. We rely on Identity and Access Management (IAM) roles coupled with ephemeral tokens for secure cloud access. The safeguarding of development and operational settings is intensified by adopting a Just-In-Time approach for elevated access and comprehensive device health assessments.

Innovative Cloud Security Design

Apollo’s operational framework is built on immutable infrastructure principles, governed through code. Integral to its Software Development Life Cycle (SDLC), automated processes within our Continuous Integration/Continuous Deployment (CI/CD) pipeline rigorously manage configuration alterations, applying stringent security validations. Our team leverages advanced cloud-native network security tools in harmony with access controls, crafting a strong barrier against unauthorized remote access and ensuring internal environment segregation.

Internal Security Ecosystem

Apollo has implemented state-of-the-art monitoring, detection, and response tooling to oversee and enhance the security posture of its cloud infrastructure. We utilize an advanced Cloud Security Posture Management (CSPM) solution for continuous monitoring, compliance checks, and security governance across all cloud platforms, enabling us to automatically identify and rectify misconfigurations and compliance violations in real time. A comprehensive Security Information and Event Management (SIEM) system aggregates security logs from Apollo environments.

Comprehensive Risk Management Framework

Apollo’s risk management approach is integrated within its operational and technical domains, facilitating the identification and mitigation of security and privacy risks. This proactive strategy not only safeguards essential assets but also ensures adherence to customer, regulatory, and legal obligations. By continuously addressing and adapting to the dynamic threat environment, our team remains at the forefront of delivering secure and reliable security solutions.

SOC 2 Type II

Apollo passed its Type II audit in May 2024 with no exceptions.


ISO 27001:2022

Apollo GraphQL has been certified for ISO/IEC 27001:2022 Information Security Management System as of October 10, 2024.


NIST 800-171

Apollo is compliant with the NIST SP 800-171 standards.


CIS Standard

Apollo uses the Center for Internet Security Benchmark standard for internal risk assessment to guide priorities. The standard is based on NIST, and its categories map directly to ISO 27001 and others on our roadmap. Objectives and results are reviewed quarterly.

Standardized Information Gathering

The Standardized Information Gathering (SIG) questionnaire is useful for determining how security risks at Apollo are managed across 18 different risk categories.

CyberGRX

CyberGRX is a popular third-party risk portal that many of Apollo’s customers use for consolidating security questionnaires into one single location. As with a SOC 2 Type II, Apollo has provided answers to the common controls and provided evidence.