Last updated: October 24, 2016
Openprise is committed to the security of your data in transit and at rest. We adopt security best practices to ensure your data is secure and only authorized users have access to it.
Openprise uses Amazon Web Services (AWS) to host our servers. AWS is a premier cloud hosting company with a strong track record for security and trusted by the world’s largest companies. AWS servers are located in highly secure data centers. Physical access is restricted to authorized personnel. Premises are monitored and access is logged.
You can read further about AWS security and certifications here: aws.amazon.com/security/
Openprise servers run on Linux virtual machines which are isolated from one another and from the underlying hardware layer. Server processes are restricted to a particular directory.
Openprise services are accessible only over HTTPS secured connections. Traffic over HTTPS is encrypted and is protected from interception by unauthorized third parties. Openprise uses strong encryption algorithms with a minimum key length of 128 bits.
All network access, both within the data center and between the data center and outside services, is restricted by firewall and routing rules. Network access is logged and logs are retained for a minimum of 30 days.
Openprise servers deny access to all unauthorized ports, except that SSH access (protected by TLS and private key authentication) is enabled for administration. Administrative access is granted only to select Openprise administrators and IP addresses. Openprise administrators do not access customer data without explicit permission from the customer. Permission is requested only for the purpose of assisting the customer with configuration and debugging.
Customer data in Openprise is encrypted both in transit and at rest.
Openprise uses a three-tier data security model to help you control data access for your users, to ensure users are only allowed to access the data they are entitled to see and edit.
By default, all services and all data are available to all users within your company account. The data security policies are subtractive policies. Each policy layer acts as a filter to restrict users’ access to data. You can enable any of these 3 security layers independently.
By default, users within your account are allowed to see each other, including each other’s rules and alerts. You can restrict users’ visibility to only see oneself.
Openprise users log in to the system using email address and password. Openprise requires the use of reasonably strong passwords. Passwords are not stored in clear text, but as a secure hash. The hash is used because it is a good counter against common password guessing attacks and attempts to reverse engineer passwords from the hash.
Resetting a password requires access to a user’s registered email and the reset action is time limited.
Excessive failed login attempts will result in an account being automatically locked out.
If a session becomes inactive for a period of time, the user is automatically logged out and is required to authenticate again.
When Openprise connects to a data source like Google Drive using user-supplied credentials, where possible this is done using OAuth 2.0. The advantage of using OAuth is that Openprise does not need to store users’ credentials. Openprise simply stores an OAuth token that grants Openprise limited access to users’ data. Users can easily revoke this token at any time. If the data source does not support OAuth and Openprise is required to store users’ credentials, they are encrypted using a 256-bit key. Connections to data sources are via secure HTTPS connections if supported by the data source.
Openprise engineers have been trained in secure coding practices. Openprise application architecture includes mitigation measures for common security flaws such as those in the OWASP Top 10. The Openprise software uses industry standard, high-strength algorithms such as AES. Periodic security tests are conducted, including using scanning and fuzzing tools to check for vulnerabilities.