Beyond Compliance: Confluent's Commitment to Trust and Transparency

In today's fast-paced digital world, real-time data streaming has become indispensable for modern enterprises, powering everything from instant insights to enhanced customer experiences. As organizations move critical data infrastructure to the cloud, the need for robust security, risk management, and unwavering compliance is more important than ever. According to the 2025 Data Streaming Report, investments in security remain among the highest priority for 94% of surveyed IT leaders.

Enterprise leaders face a tough choice: Move fast to gain a competitive advantage or move cautiously to ensure security and compliance. At Confluent, we believe you can do both—because security should accelerate your cloud adoption, not hinder it. For our customers to fully embrace the power of data streaming in the cloud, a strong foundation of trust is essential.

Today marks a significant milestone in Confluent's commitment to enterprise security and trust. As Field Chief Information Security Officer (CISO) leading our Office of the CISO organization, I'm announcing three interconnected initiatives that reinforce our commitment to trust through transparency.

• Confluent’s Trust Principles: The foundation of our enterprise-grade security posture

• Signing the Secure by Design Pledge: A voluntary commitment coordinated by the Cybersecurity and Infrastructure Security Agency (CISA)

• Transparency Through Documentation: Four white papers detailing our security posture

Our Foundation: Six Core Trust Principles

Enterprise security is built on principles that guide every decision and every feature. We are formally announcing Confluent’s Trust Principles, the foundational commitments that drive our security posture:

• Customer needs guide our priorities. We continuously enhance our service to meet your evolving security and compliance needs.

• Security is foundational to everything we build and operate. It's embedded in everything we build and operate, from development to operations.

• Customers own their data and we empower them with control over their data. We empower you with control through features like encryption key management and granular access controls.

• Transparent communication about security, data handling, and incident response. We believe in open communication about security, data handling, and incident response via our Trust Center and clear incident management processes.

• Compliance is built into our platform and processes and verified by independent third parties. Our service and processes are verified by independent third parties through rigorous certifications and attestations.

• Reliable and resilient service is fundamental. Our high availability enables your business continuity and resilience goals, with increased uptime commitments for multi-availability zones clusters.

Our Secure by Design Pledge to CISA

Confluent is signing the CISA Secure by Design Pledge, a voluntary commitment by leading software manufacturers to build greater security into their products from the start. This pledge addresses critical areas like multi-factor authentication, vulnerability reduction, and transparent vulnerability disclosure.

For us, this isn't a new direction. It's a formalization of the security-first approach we've had since day one. Confluent already exceeds these requirements through its zero-trust architecture, defense in depth, and secure by design practices.

Enhanced Transparency Through Detailed Documentation

We are releasing four comprehensive white papers to provide you with detailed insight into our security posture:

• Building Trust With Confluent Cloud: An overview of our multi-layered framework, showcasing our defense-in-depth and zero-trust strategies

• Confluent Cloud Security and Compliance Shared Responsibility Model: A clear guide to the security responsibilities of both Confluent and our customers. This clarity helps your teams with risk management and compliance planning

• Data Residency and Resiliency in Confluent Cloud: Details on our global infrastructure, disaster recovery strategies, and data sovereignty controls for enterprises with strict data residency requirements

• Confluent Vulnerability Management: Our proactive approach to identifying, assessing, and remediating vulnerabilities, including our bug bounty program

These resources, along with our SOC 2 Type 2, ISO 27001, and ISO 27701 certifications, are available in our Trust Center. This means you can verify, validate, and audit our claims with comprehensive documentation and third-party attestations.

The Bottom Line for Executive Leaders Evaluating the Confluent Data Streaming Platform

Today's threat landscape and regulatory environment demand more than just a check-the-box approach to security. They require a foundation of deep, verifiable trust. By combining our foundational principles with public accountability and actionable transparency, we are providing you with the tools to confidently accelerate your business initiatives without compromising on security.

You no longer have to wonder how your data is protected. You can examine the detailed documentation and make informed decisions based on comprehensive information.

Ready to move your business forward with confidence? Explore our Trust Center to learn more.