Each customer data is encrypted plus extra measures (During transmission and at rest). Passwords are secured in a comprehensive manner. The user password follows industrial secured standards.
Encrypt data at rest & Transmission
- Data is encrypted at rest and during transmission. No plain text is processed.
- The password is hashed using a state of the art technology.
Monitoring and Protocols
Overview of activities on resources:
- Asset Management and Configuration
- Audits and security analyze
- Detailed information on network processes
- Rule-based checks and actions for configuration
- Filtering and monitoring HTTP access to applications
- Data is transmitted via TLS
- Allow only authorized administrators, users, and applications
- Multi-Factor Authentication (MFA)
- Individually defined access to objects
- Authentication of API requests
- Geographical restrictions
- Temporary Access Tokens with Security Token Service
- We allow customers the transparency to be aware of where their data is stored, including storage type and a geographic storage region.
- We set the secure status of our customer's content and provides reliable encryption for customer content during transmission and storage.
- We manage access to our customers content and services and resources through users, groups, permissions, and credentials that customers control.
Security by Design:
- Forcing functions are to be created which cannot be overwritten by users without corresponding modification authorization.
- Establish reliable execution of controls
- Enable continuous real-time inspection
- The technical scripting of governance policies is performed
Our data center provider has recognized certifications and accreditation that demonstrate compliance with strict international standards. These include: ISO 27001 for technical measures, ISO 27017 for security in the cloud, ISO 27018 for data protection in the cloud, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and certain certifications specific to the EU, such as the Cloud Computing (C5) and ENS High requirements catalog. Our data center provider also recently announced compliance with the CISPE Code of Conduct.