Security methodology

At WalkMe, information security is a key factor in all aspects. Security processes are in place to cover all organizational and technical areas, from HR and finance to software development and infrastructure. WalkMe has a structured set of policies that are reviewed, communicated and followed by.

WalkMe performs security assessments, penetration tests, vulnerability scans, and internal and external reviews. That way nothing is overlooked, and human mistakes are spotted in time.

Privacy

Privacy is taken very seriously at WalkMe. Since WalkMe’s service does not require the use of any end user data, it is simply not collected, processed or stored at all. The same applies to all user-provided content.

Compliance

WalkMe is ISO27001:2013 certified, TRUSTe certified, and complies with U.S. Department of Commerce Safe Harbor policies. WalkMe also meets the CSA Security, Trust, and Assurance Registry requirements, and has earned the highest rating of “Enterprise-Ready” in Skyhigh Networks’ CloudTrust Program. These independent security assessments and certifications give our customers assurance and confidence in WalkMe’s security practices and controls, covering all security domains: physical, technical, and organizational.

Incident management

WalkMe’s systems and applications generate a valuable audit trail that provides insight into possible attacks and incidents. All of these logs are collected and processed by a security incident and event management (SIEM) system, which takes the raw data and turns it into insights. That way WalkMe’s operational department can spot and deal with attack attempts.

Application security

WalkMe’s development is based on worldwide security best practices. Security review and testing are an inherent part of software development, in order to make sure there are no vulnerabilities in the application.

Network security

WalkMe’s network is built with security in mind. From design to implementation, the network follows the principles of segregation and filtering of traffic in several layers.

Deep, layer 7 inspection is applied to all traffic and identifies threats and attack attempts by both signature-based mechanisms and behavioral analysis.

Secure interfaces

WalkMe’s service is exposed to the internet only using TLS as its web security protocol. Secure protocols are also used between WalkMe’s components even within the internal network.

Availability

WalkMe understands the importance of providing a 100% available service. With that vision, WalkMe’s network is built to provide High Availability for every component of the service, from database servers to network load balancers. WalkMe also uses state-of-the-art systems for protecting the service against DDoS attacks.

Access control

WalkMe has a very granular access control matrix for defining access rights for users within the application. Access is wrapped in authorization processes, monitored constantly and reviewed periodically.