AppliedInsight Security. Safe and secure
Our AppliedInsight platform meets the highest global standards for cloud security and protection for your data.
Your data is encrypted whenever it is uploaded to the AppliedInsight platform, and at all times within the system, both at rest and in flight:
- In transit – AppliedInsight supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2 or higher, AES-256 encryption, and SHA-2 signatures
- At rest – Data at rest in AppliedInsight is encrypted using FIPS 140-2 compliant encryption standards (AES-256), which applies to all types of data at rest within AppliedInsight
Secure Microsoft Azure directory
All data uploaded to the system is virus scanned with ClamAV and rejected if it fails the scan. Data is then stored in databases that are not exposed externally (via the internet). Access is controlled via group membership in the Microsoft Azure AD B2C directory. All stored data is segregated per customer to prevent transfer between accounts with high-level SSL encryption.
Built to deal with internet threats
AppliedInsight provides data isolation per tenant, ensuring data integrity and confidentiality between tenants, and also providing the best possible load performance. Authentication to the system is provided by Microsoft Azure AD B2C, which enables secure identity federation that automatically handles threats like denial-of-service, password spray, or brute force attacks.
Servers in the same geopolitical boundaries as the customer
If requested by the customer, data sovereignty is preserved by storing all confidential data on servers physically located within the same geopolitical boundaries as the customer. Our system is rigorously penetration tested by our automated security checking system.
Strict user control
Our APIs are subject to strict access controls:
- All APIs are accessible only through a dedicated firewall
- All calls to the API are secured by OpenID authentication against the platform's Azure AD B2C directory
- Users are authorised for access to the specific customer account by an HTTPS request/response to the User Authorisation Service