The confidence you need to deploy at scale

Mural meets and exceeds some of the most broadly recognized security standards and offers flexible enterprise-grade security tools to address compliance requirements, so you can focus on onboarding a collaboration solution for your global teams. This rigorous approach to security is trusted by customers in highly-regulated industries such as financial services, government, and defense.

Key Security Practices

Jump to

Data and information

At Rest: Your data only resides in the production environment encrypted with AES-256.
• In Transit: All network communication uses TLS v1.2, and it is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism. Qualys' SSL Labs scored MURAL's SSL implementation as "A+" on their SSL Server test.

Backup policy
Our backup processes ensure data and information consistency with highest standards.

Password hashing
Passwords are salted and hashed using the SHA-512 algorithm.

Data residency
Designate the region in which data in a mural is stored to help meet corporate policies and compliance requirements globally. 

Payment information
Payment information is not stored by MURAL and all payments made to MURAL go through our partner, Stripe, a PCI compliant company.

Standards-based identity
We currently support Single Sign On (SSO) with multiple identity providers via SAML 2.0.

Account verification for non-SSO users
Users are required to validate their accounts via a link provided in an automated e-mail.

Two-factor authentication for non-SSO users
Users are required to verify their account with a one-time code in addition to their password.


Secure infrastructure
Our cloud provider is Microsoft Azure. We leverage their tools to setup firewall rules, intrusion, and DMZ policies.

Server patching
We have an automated process that patches our virtual machines on a regular cadence.

Real-time monitoring
We utilize a Web Application Firewall in addition to other technologies to perform real-time monitoring and proactive blocking of malicious user behavior.

All actions on the back-end are logged.

Disaster recovery and business continuity
We have a Disaster Recovery Business Continuity Plan that is routinely tested to maximize availability.

High availability
Every component of our infrastructure has redundancy. We leverage Microsoft Azure Availability Sets and have redundancy in Azure US East and US West.

Full redundancy of core services
Deployments across multiple data centers.

Continuous security assessment
We periodically utilize an independent 3rd party to perform penetration tests. We also run an ongoing public Vulnerability Disclosure Program (VDP) as well as continuous automated security tests

Secure software development lifecycle
We perform the following initiatives in our software development lifecycle: 

  • Security and Privacy Reviews to identify and mitigate risks during the design phase
  • Static analysis tools to scan code during the development phase 
  • Dynamic analysis tools to scan during the testing and post-release stages

Reporting service disruption incidents or maintenance windows
We use to keep everyone up to date. This service provides several notification options to subscribe for notifications.

Move fast, break nothing
We have a formal software development lifecycle methodology and change management procedures.


Vendor selection
All of our vendors offer industry-leading products and go through an exhaustive security audit as a standard part of our vendor management policy, to ensure their practices meet our security and compliance standards.

Our subprocessors can be found here.


Logical Access
Employee’s level of access is determined by role. Logical access reviews are performed periodically and access is immediately removed when no longer necessary.

Endpoint security
Mural uses Pritunl VPN to ensure employees that require privileged access have secure access to our corporate network from multiple endpoints.

Multi-factor authentication
Is enforced for every employee.

Employee asset control
Our employees’ devices are monitored in real time, with antivirus, disk encryption, automatic device blocking, and security patches.

We run background checks and sign confidentiality agreements with all employees. We also regularly train them in Information Security and Secure Development Practices.

Mural security questions?

Mural has a dedicated team of security experts ready to help.
Contact us