Hosting and Physical Security
Openprise uses Amazon Web Services (AWS) to host our servers. AWS is a premier cloud hosting company with a strong track record for security and trusted by the world’s largest companies. AWS servers are located in highly secure data centers. Physical access is restricted to authorized personnel. Premises are monitored and access is logged.
You can read further about AWS SOC 2 security and certifications here: aws.amazon.com/security/
Isolation of Services
Openprise services are accessible only over HTTPS secured connections. Traffic over HTTPS is encrypted and is protected from interception by unauthorized third parties. Openprise uses strong encryption algorithms with a minimum key length of 256 bits.
All network access, both within the data center and between the data center and outside services, is restricted by firewall and routing rules. Network access is logged and logs are retained for a minimum of 30 days.
Openprise uses a three-tier data security model to help you control data access for your users, to ensure users are only allowed to access the data they are entitled to see and edit.
By default, all services and all data are available to all users within your company account. The data security policies are subtractive policies. Each policy layer acts as a filter to restrict users’ access to data. You can enable any of these 3 security layers independently.
- Access policy – The first level of security is controlling users’ access to the services. You can choose to restrict access by organization.
- Data ownership policy – Once a user has access to a service, the second level of security controls what subset of data each user is allowed to see. You can set policies to filter data for users from each organization.
- Data redaction policy – Once a user can see data, the third level of security controls how each attribute is presented to users. For example, you can mask social security numbers or scramble employee IDs.
Openprise users log in to the system using email address and password. Openprise requires the use of reasonably strong passwords. Passwords are not stored in clear text, but as a secure hash. The hash is used because it is a good counter against common password guessing attacks and attempts to reverse engineer passwords from the hash.
Resetting a password requires access to a user’s registered email and the reset action is time limited.
Excessive failed login attempts will result in an account being automatically locked out.
If a session becomes inactive for a period of time, the user is automatically logged out and is required to authenticate again.