Each customer data is encrypted plus extra measures (During transmission and at rest). Passwords are secured in a comprehensive manner. The user password follows industrial secured standards.
Encrypt data at rest & Transmission:
- Data is encrypted at rest and during transmission. No plain text is processed.
Password Hashing:
- The password is hashed using state-of-the-art technology.
Monitoring and Protocols:
Overview of activities on resources:
- Asset Management and Configuration
- Audits and security analyze
- Detailed information on network processes
- Rule-based checks and actions for configuration
- Filtering and monitoring HTTP access to applications
- Data is transmitted via TLS
Access Control:
- Allow only authorized administrators, users, and applications
- Multi-Factor Authentication (MFA)
- Individually defined access to objects
- Authentication of API requests
- Geographical restrictions
- Temporary Access Tokens with Security Token Service
Data privacy:
- We provide our customers with the transparency of knowing where their data is stored, including the storage type and geographic storage region.
- We determine the security status of our customers' content and provide robust encryption of customer content during transmission and storage.
- We manage access to our customers' content, services and resources through users, groups, permissions and credentials controlled by the customers.
Security by Design:
- Forcing functions are to be created which cannot be overwritten by users without corresponding modification authorization.
- Establish reliable execution of controls
- Enable continuous real-time inspection
- The technical scripting of governance policies is performed
Our data centre provider holds recognised certifications and accreditations that demonstrate compliance with strict international standards. These include: ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud data protection, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and certain EU-specific certifications such as the Catalogue for Cloud Computing (C5) and ENS High Requirements. Our data centre operator has also recently announced compliance with the CISPE Code of Conduct.