Here is what you need to know about the New Relic agent and security. For additional information, see Data security.
For more information about New Relic and Security, see New Relic Security.
Disclosure and audit
The New Relic agent is a publicly accessible plugin for Ruby, Java, .NET, Node.js, PHP, and Python web applications. The Ruby source code is readily available. New Relic does not do any dynamic code generation over the wire, so using the agent will not introduce any code into your application without your knowledge.
The Ruby agent is an open book. While the other agents use other mechanisms for instrumenting code, their behavior within your environment is similar. If you are concerned about what New Relic's software sees and does, you could audit the Ruby agent.
In order to help us improve our product and user experience, New Relic uses third-party analytics services to better understand the behavior of users on our site. The user data that New Relic collects is used solely by New Relic and is not shared, sold, or rented to any third parties for their own use.
Hosting and data storage
New Relic is self-hosted with co-location services called Server Central in a tier 3 data center in Chicago. New Relic uses standard best practices to maintain a firewall for our servers and to protect our servers from unauthorized login.
All data is stored in a cluster of MySQL databases. Metric data is not encrypted, nor are transaction traces or errors (although they are stored in a compressed serialized format). New Relic data is backed up nightly, and an archive is stored at a secondary data center.
High Security mode
New Relic agents offer high security options to prevent sensitive data from being sent to New Relic. For more information, see High security.
For more help
Additional documentation resources include:
- Data security (collection, transmission, proxies, and masking/obfuscation)
- Data retention (sample data, data aggregation, permanent data storage and aggregation)
- Security options for transaction traces (database queries, HTTP parameters, and customization options for transaction traces)
- Windows security considerations) (Windows server-specific information about using the LocalSystem account to gather, compare, and show extremely precise information about your Windows server's health)
- Security for mobile apps (summary of the measures New Relic takes to protect your mobile application's security and your users' privacy)
- Security for New Relic Browser (reported data, browser types, browser trace details, CDN access, cookies, JSONP requests)