Security overview

Security stands as our top priority at CentralCI. We're dedicated to implementing industry best practices and building our customers' trust. We achieve this by ensuring rigorous security standards govern every aspect of our system, from network connections and data storage to our internal operational processes.

Secure connections

CentralCI supports a variety of protections related to HTTP connections:
  • SSL/TLS encryption: All connections to CentralCI are secured with SSL/TLS encryption, protecting your data from third-party interception or tampering during transit over the internet.

IP allowlist support

CentralCI's IP Allow feature provides an additional security layer by restricting access to only trusted IP addresses. Available on all plans, this feature lets you specify individual IP addresses, ranges, or CIDR notation to control access to your Concourse instance, effectively blocking unauthorized connection attempts. For implementation details, refer to the Configure IP Allow documentation.

Geographic access controls

CentralCI implements geographic blocking to protect your infrastructure from high-risk regions known for state-sponsored attacks, bot networks, and compromised infrastructure. We automatically block access from 59 countries that represent the highest concentration of malicious activity, including nation-state threat actors (Russia, China, North Korea, Iran), failed states with zero governance (Somalia, Haiti, South Sudan, Central African Republic), regions with extensive scanning operations (Bangladesh, Pakistan), conflict zones with unmonitored infrastructure (Syria, Yemen, Libya), and Pacific microstates with histories of domain abuse and compromised hosting. This protection is enabled by default on all instances and significantly reduces automated attack traffic while maintaining access for legitimate users in the USA, UK, EU, and our supported deployment regions. Authorized users traveling to blocked regions can access their instances through corporate VPNs or by adding their specific IP addresses to the IP allowlist.
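
The following is an added example, not CentralCI code: it models how the IP allowlist and the geographic block described above combine, and flags allowlist entries broad enough to cancel the geographic block. The `start-end` range syntax, the ISO country codes (taken to come from a GeoIP lookup), the precedence of a configured allowlist, the prefix thresholds, and all function names are assumptions.

```python
import ipaddress

# Constructed subset of the blocked-country list (ISO 3166-1 alpha-2 codes).
GEO_BLOCKED = {"RU", "CN", "KP", "IR"}

def parse_entry(entry):
    """Expand one allowlist entry (address, range or CIDR) into networks."""
    entry = entry.strip()
    if "-" in entry:  # assumed range syntax: "start-end"
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=True rejects CIDRs with host bits set, such as 10.0.0.5/24
    return [ipaddress.ip_network(entry, strict=True)]

def decide(client_ip, country, allowlist, geo_blocked=GEO_BLOCKED):
    """Return (verdict, reason) for one connection attempt."""
    ip = ipaddress.ip_address(client_ip)
    nets = [n for e in allowlist for n in parse_entry(e)]
    if nets:  # assumption: a configured allowlist is the only gate
        hit = any(ip.version == n.version and ip in n for n in nets)
        return ("allow", "allowlist") if hit else ("deny", "not-in-allowlist")
    if country in geo_blocked:
        return ("deny", "geo-block")
    return ("allow", "default")

def broad_entries(allowlist, min_v4=16, min_v6=32):
    """Flag entries wide enough to undo the geographic block (thresholds assumed)."""
    flagged = []
    for e in allowlist:
        if any(n.prefixlen < (min_v4 if n.version == 4 else min_v6)
               for n in parse_entry(e)):
            flagged.append(e)
    return flagged

if __name__ == "__main__":
    traveller = ["198.51.100.9", "203.0.113.10-203.0.113.30"]  # constructed
    print(decide("198.51.100.9", "RU", []))          # geo-blocked by default
    print(decide("198.51.100.9", "RU", traveller))   # allowlisted address
    print(broad_entries(["0.0.0.0/0", "203.0.113.0/24"]))
```

Running `broad_entries` over a proposed allowlist before applying it catches entries such as `0.0.0.0/0`, which would admit traffic from every region.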