WORKDAY SECURITY

We are committed to protecting your data and communicating transparently. We employ rigorous measures across our people, processes, and technology to safeguard your data, applications, and infrastructure.

People you can trust.

Security is everyone’s responsibility at Workday. Employees and customers alike contribute to our security goals. That’s why Workday aims to keep everyone informed, enabled, and supported in prioritizing security and using best practices.

Leadership and employees.

Leadership prioritizes security at every level of our organization. All Workmates are responsible for the protection of our customers’ data and receive security, privacy, and compliance training from day one. Our dedicated Information Security team provides ongoing security training to minimize risk, while Workday Security Champions evangelize security best practices through employee engagement and fun.

Our customers have full control of the data they enter into Workday, as well as all setup and configurations. Workday offers training, specialized support, detailed documentation, timely communication, and a peer community to help you safeguard your data and make the most of our robust security tools.

Accuride Corporation

“With Workday, we reduced 262 systems down to a few overarching applications—while increasing security, gaining functionality, and pressing forward with innovation.”

—Chief Information Officer


Processes that protect.

To protect your data, Workday has detailed operating policies, procedures, and processes for our data centers, network, and applications.

Data centers.

Workday applications are hosted in state-of-the-art data centers with fully redundant subsystems and compartmentalized security zones. The data centers adhere to strict physical and environmental security measures. The facilities require multiple levels of authentication to access critical infrastructure.

Camera surveillance systems are located at critical internal and external entry points, while security personnel monitor the data centers 24/7. The data centers have implemented redundant environmental safeguards and backup power management systems, including fire suppression, power management, heating, ventilation, and air-conditioning, set up in a minimum N+1 redundancy.

Network security.

We secure our network through proven policies, procedures, and processes, such as perimeter defense, threat prevention, and threat detection tools that monitor for atypical network patterns in the customer environment as well as traffic between tiers and services. We also maintain a global Security Operations Center 24/7/365.

Multiple external vulnerability assessments conducted by third-party experts scan internet-facing assets, including firewalls, routers, and web servers, for unauthorized access. In addition, we use an authenticated internal vulnerability network and system assessment to identify potential weaknesses and inconsistencies with general system security policies.

Application security.

Every step in our application development, testing, and deployment process is designed to secure our products. Our Product and Technology teams employ enterprise Secure Software Development Life Cycle (SSDLC) as well as DevSecOps accountability practices. Our development process includes an in-depth security risk assessment and review of Workday features. Static and dynamic source code analyses help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.

Prior to each major release, a leading third-party security firm performs an application-level security vulnerability assessment of our web and mobile applications to identify potential vulnerabilities. The third-party firm performs testing procedures to identify standard and advanced web application security vulnerabilities.