Workload Security Trust Center

As a global leader in security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. With more than 30 years of security expertise, we're recognized as the market leader in server security, cloud security, and small business content security.

Trend Micro Cloud One™ - Workload Security provides world-class security to cloud workloads. This offering is hosted through Amazon Web Services (AWS) and offers workload protection through the installation of Deep Security Agents.

Trend Micro is committed to earning and preserving the trust of our customers. The following resources demonstrate our commitment to security, privacy, transparency, and compliance to industry-recognized standards.

certificate icon
lock icon
shield icon


ISO 27001


Workload Security Data Collection Notice

Privacy Policy



Workload Security is certified as a PCI DSS level 1 service provider.

Coalfire, a Qualified PCI Auditor, has certified Workload Security according to version 3.2 of the PCI Data Security Standard. The Attestation of Compliance is available on request. AWS is also PCI certified.

For more information, see Meet PCI DSS requirements with Workload Security.

ISO 27001

ISO 27001 is an internationally recognized security standard that outlines the requirements for information security management systems. Workload Security has been added to the Trend Micro ISO 27001 certification, as of December 2018. You can view the ISO 27001 certificate on the Trend Micro product certifications site.


Trend Micro and Workload Security were ready for, and have met, all of our obligations under GDPR for May 25th 2018. One key item to note for Workload Security is that, as a data processor under GDPR, our processing of 'personal data' is limited.

  • Where appropriate, we implement Technical and Organization Measures (“TOMs”) to support our processing of data under GDPR.
  • Details on the data processed by Workload Security, and the controls available to you over that data, are documented in the Workload Security Data Collection Notice.

For more information, see the Trend Micro GDPR Compliance site and see Privacy and personal data collection disclosure for information about personal data collection in Workload Security.


How are security logs monitored?

Workload Security protection modules generate security events for the Workload Security production workloads. Security events collected from Workload Security are forwarded to a central SIEM. Security events are generated for all relevant protection modules: Anti-Malware, Firewall, Intrusion Prevention, Integrity Monitoring, Log Inspection. Additional AWS logs (CloudTrail, CloudWatch), system, and database logs are forwarded to the SIEM. Access to Workload Security event management console and SIEM is restricted based on roles.

Workload Security enables automated alerts and employs 24/7 on-call staff. Security logs are reviewed for all systems on a daily basis. If a security incident is suspected, it is immediately reported to the Trend Micro Security Operations Center (SOC). This potential incident is prioritized based on the severity of the suspected incident, and a team from the SOC, as well as technical experts, is assigned to investigate.

How are Trend Micro employees trained?

All Trend Micro employees undergo a security awareness training course upon being hired and on a yearly basis. All employees must adhere to Trend Micro's Internet, Computer, Remote Access and Mobile device acceptable use policies. Failure to comply with these policies may result in disciplinary actions which could include termination.

All new employees and contractors are required to complete a criminal background check.

What are Trend Micro's password policies and standards?

Trend Micro adheres to the following password polices and standards:

  • All passwords must be changed at least on a quarterly basis.
  • Passwords must not be inserted into email messages or other forms of electronic communication.
  • Passwords must not be shared or revealed to anyone.
  • Passwords must be changed immediately if compromise is suspected.
  • Passwords must be encrypted during transmission and stored hashed with a salt.
  • Passwords must be at least eight alphanumeric characters long.
  • Passwords must contain both upper and lower case characters (for example, a-z, A-Z).
  • Password reuse prevention is enforced.
  • Passwords must not be based on personal information, names of family, and so on.

How is access to Trend Micro's infrastructure controlled?

Remote access to Trend Micro’s infrastructure is strictly controlled and monitored. All authentication methods use industry best practices and standards, and include such things as certificate based authentication and multi-factor authentication. Where appropriate, single sign-on (SSO) that leverages Trend Micro's Active Directory is used.

How does Trend Micro handle sensitive information?

In relation to the Workload Security environment, Trend Micro primarily handles data that is collected through the protection policy and security events. Each tenant's information is separated using a dedicated database schema. Access and storage of this information is strictly controlled and is used for diagnostic and support purposes only. Client contact details, such as their email address, are retained encrypted at rest for client management purposes.

What change control practices does Workload Security follow?

Application upgrades within the Workload Security environment are completed after meeting our quality objectives. Trend Micro uses best practices for changes, including full backups and approval processes. Workload Security has multiple dedicated development and testing environments.

Any changes requested are first reviewed by technical stakeholders to determine the urgency and potential impact of the changes. All changes require a documented back-out plan. These changes are tracked and recorded in a change control system.

How is communication secured?

All communication between customers, software, and infrastructure is encrypted using industry-accepted ciphers and algorithms. These ciphers and algorithms are reviewed continuously to determine whether adjustments should be made, such as the deprecation of old or insecure ciphers and cipher suites. To take advantage to these improvements, customers must ensure that their agents are updated regularly.

Encryption keys are stored in AWS KMS. Only a limited number of Workload Security team member have access to the KMS.

How does Trend Micro handle physical security?

All access to Trend Micro offices and networks is strictly controlled to authorized or accompanied individuals only. Access is given through a key card system and approval is required before entry is granted into sensitive areas. The Workload Security infrastructure is hosted in AWS.

What is the Trend Micro incident response plan?

Trend Micro has a dedicated Information Security (InfoSec) team that is responsible for ensuring compliance with Trend Micro security policies. Workload Security engineers immediately contact the InfoSec team when a security incident is discovered. In addition, InfoSec independently monitors Workload Security environment logs.

If a security incident is discovered, the incident is prioritized based on severity. A dedicated team of technical experts is assigned to investigate, advise on containment procedures, perform forensics, and manage communication.

Following an incident, the team examines the root cause, and revises the response plan accordingly.

In the event of a breach involving customer data, Trend Micro will follow its obligations under GDPR. For more information, see

Does Workload Security conduct vulnerability and penetration testing?

Vulnerability scans of the Workload Security production environment are performed weekly by a PCI authorized scanning vendor (ASV), A PCI ASV attestation is obtained quarterly. The same vendor is used for automated weekly internal scans of the Workload Security Virtual Private Cloud (VPC).

Workload Security software and the Workload Security production environment undergo yearly penetration tests conducted by third-party security experts to detect and rectify common security issues. The scope of the third-party penetration tests includes application security tests, internal and external network scans, and network segmentation tests.

Trend Micro InfoSec conducts web application assessments of Workload Security for any major release and at least annually using leading dynamic analysis security tools.

The Workload Security code base is scanned weekly using a leading static analysis security tool. The development team receives automated alerts if new issues are identified, and a clean scan is a requirement for each product release.

Third-party components included with Workload Security are monitored continuously using a leading software composition analysis tool. Scans are executed as part of nightly builds to automatically detect newly introduced third-party software.

Does the development team follow secure coding practices?

Workload Security software developers are trained in secure coding practices using an industry-standard curriculum based on SANS 25/OWASP Top 10/PCI 6.5. Education campaigns are conducted on an annual basis and when an employee joins the company.

The Workload Security development team employs specialized staff to handle product security.

Security testing, secure code review, and threat modeling are part of the development lifecycle.

How are vulnerabilities and patches handled?

Vulnerabilities are continuously monitored and tracked. Each vulnerability is assigned a CVSS score. Patching requirements that specify time frames for addressing a vulnerability according to CVSS-based severity are included in the Secure Development Compliance Policy. The Workload Security software in the Workload Security environment is updated weekly to use the latest available code base, including vulnerability fixes.

The Workload Security team is responsible for patching the Workload Security software and supporting AWS services. The client is responsible for updating the Deep Security Agents deployed on client workloads.