Disclaimer: We are committed to securing and protecting the privacy of your data stored in our services. Your data stored in our database can only be accessed by authorized personnel to ensure service reliability. Access is restricted tightly and monitored using both logical controls and management processes.
Data encryption is the process that transforms plain text data into encrypted data. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Data, or plaintext, is encrypted with an encryption algorithm and an encryption key. The process results in ciphertext, which can only be viewed in its original form if decrypted with the correct key. This allows only authorized parties possessing valid decryption keys to read the data.
Data created, exchanged, and stored in an organization is one of its most valuable assets. Securing that data from compromise and unauthorized access is one of our very top of your priorities.
Our databases use encryption in transit from application client to server and within intra-cluster communications by using a set of certificates for the servers. We use Let's Encrypt known certificates to authenticate TLS enabled clients once they pass access and authentication controls.
Authentication and authorization are not enough to fully secure your data, which must be encrypted over the wire or on disk. Our databases encryption offers the following features:
Note: Technical and organizational measures protect these servers against unauthorized persons' loss, destruction, access, change, or distribution of your data. A few authorized persons can only access your stored data. These persons are responsible for providing technical, editorial, and commercial support for the servers. However, despite regular checks, it is impossible to provide complete protection against all dangers.
Disclaimer: All connections between our apps use TLS v1.3 protocol
TLS stands for Transport Layer Security and is the successor to SSL (Secure Sockets Layer). Transport Layer Security (TLS) provides secure communication between servers and web browsers. The connection itself is secure because cryptography is used to encrypt the data transmitted.
As a cryptographic protocol, TLS encrypts data and authenticates connections when moving data over the internet via HTTP—an extension of the protocol known as HTTPS (Hyper Text Transfer Protocol Secure). When a user visits a website, their browser checks for a TLS certificate on the site.
If one is present, their browser performs a TLS handshake to check its validity and authenticate the server. Once a link has been established between the two servers, TLS encryption and SSL decryption enable secure data transport.
Private keys are generated uniquely for each connection and based on a shared negotiated secret at the beginning of the session, also known as a TLS handshake.
HTTPS performance has been made faster and safer for every user and device. TLS 1.3 protocol provides unparalleled privacy and performance by reducing latency and hardening the security of your encrypted connections compared to previous versions of TLS and non-secure HTTP.
TLS 1.3 offers several improvements over earlier versions, most notably a faster TLS handshake and simpler, more secure cipher suites and Zero Round-Trip Time (0-RTT) key exchanges further streamline the TLS handshake. Together, these changes provide better performance and stronger security.
Benefits of TLS v1.3:
Disclaimer: All externally exposed API queries require successful authentication. Only a logged-in and authenticated user can make requests to our available APIs.
To authenticate a user, a client application must send a JSON Web Token (JWT) in the authorization header of the HTTP request to your backend API.
API Gateway validates the token on behalf of your API, so you don't have to add any code in your API to process the authentication.
A JSON Web Token will be returned when the user logs in using their credentials.
JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties.
We are using JSON Web Tokens for the following scenarios:
The term "privileged access management" is used in an enterprise environment to designate special access or abilities above and beyond a standard user. Privileged access allows organizations to secure their infrastructure and applications, run the business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
While privilege management encompasses many strategies, a central goal is the enforcement of least privilege, defined as the restriction of access rights and permissions for users, accounts, applications, systems, devices (such as IoT) and computing processes to the absolute minimum necessary to perform routine, authorized activities.
The domain of privilege management is generally accepted as falling within the broader scope of identity and access management (IAM). Together, PAM and IAM help provide fined-grained control, visibility, and auditability over all credentials and privileges.
While IAM controls provide authentication of identities to ensure that the right user has the right access at the right time, PAM layers on more granular visibility, control, and auditing over-privileged identities and activities.
By dialing in the appropriate level of privileged access controls, PAM helps organizations condense their organization's attack surface and prevent, or at least mitigate, the damage arising from external attacks as well as from insider misconduct or negligence.
All available roles:
One of the biggest shortcomings of a traditional user ID and password logins is that passwords can be easily compromised, potentially costing organizations millions of dollars. Brute-force attacks are also a real threat, as bad actors can use automated password cracking tools to guess various combinations of usernames and passwords until they find the right sequence.
An authentication factor is a special category of security credential used to verify the identity and authorization of a user attempting to gain access, send communications, or request data from a secured network, system, or application.
Disclaimer: We are currently supporting 2FA (two-factor authentication) via Google.
The SaaS provider has a clearly defined policy for patching internal systems and dealing with security issues.
Below is a summary of the process, and in the following sections, we’ll go into more depth about each step:
The system is being developed and checked in accordance with the following security features:
1. Basic Application Security
1.1 Input and Data Validation
1.4 Configuration Management
1.5 Sensitive Data
1.6 Session Management
1.7 Exception Management
1.8 Auditing and Logging
2. Specific Application Features Security
2.1 Tenant Data Isolation
2.2 Tenant Data Privacy
3. Operating System and Network Security
3.1 Firewall Protection
3.2 Anti-virus Protection
3.3 Operating System updates & Hot Fixes
3.4 Frequent updates to the system platform to protect from known vulnerabilities