SECURITY AND COMPLIANCE

At Indigo Cloud, we take the security of your system and data very seriously. One of our first considerations when designing our cloud based debt collection software, DebtView was the ongoing commitment to security provided by our cloud partner. We believe Microsoft Azure offers that level of commitment and provides a solid foundation on which to build a globally accessible yet secure solution.

Microsoft has achieved more certification in security and compliance than any other cloud provider. Microsoft was also the first major cloud provider to adopt the new international cloud privacy standard, ISO 27018.

For a more detailed look at their security and compliance offering in Azure, please visit the Microsoft Azure Trust Centre where you read case studies, white papers and much more. You can also view a complete list of certifications.

But it doesn’t end there, you need a layered approach to security for it to be truly effective. Which is why in DebtView, we have utilised many layers of defence as detailed below. The built in security features in DebtView are included in your subscription. These features should suffice for most smaller organisations. But we recognise that for some, there may be more stringent requirements. For that reason we have introduced a series of premium security and compliance features which you can purchase to help you meet your regulatory and/or compliance goals.

AZURE CERTIFICATIONS

Cloud Security Alliance

HIPAA & The HITECH Act

ISO/IEC 27018

PCI DSS

SOC 1, 2 & 3

Standard Security Features

The following security and compliance features are included with your subscription at no additional cost.

Automated Patch Management

The underlying server and network infrastructure is fully managed and maintained by qualified Microsoft engineers. This includes all required OS and security patches.

Database Server Firewall

Firewall rules are in place to ensure that only authorised IP addresses have access to the database server directly. This prevents hackers being able to connect directly to the database.

Database Backup

SQL Database automatically performs a combination of full database backups weekly, differential database backups hourly, and transaction log backups every five – ten minutes to protect your business from data loss. These backups are stored in geo-redundant storage for 7 or 35 days depending on your service tier. The full and differential database backups are also replicated to a paired data centre for protection against a data centre outage.

If you need to retain copies of your backups for longer than 35 days, you can purchase our Long-Term Data Retention package.

Data Encrypted in Transit

Traffic from DebtView is encrypted using industry standard SSL/TLS protocols to prevent hackers seeing clear text data including personal data and passwords during transit.

Data Encrypted at Rest

Data stored in the database is encrypted while at rest so that in the event of someone gaining access to the database they would not be able to read that data. This encryption also applies to database backups and copies.

Database Auditing

To assist with compliance and analysis of security incidents, database auditing is enabled by default. The following events are audited: Plain SQL, Parameterized SQL, Stored Procedure, Login and Transaction management. Each of these are logged for Success and Failure.

Database auditing logs are retained for 10 days. If you need to retain copies of your audit logs for more than 10 days, you can purchase our Long-Term Data Retention package.

Database Threat Detection

Database Treat Detection is enabled by default and sends an alert by email to our support desk if a suspicious event is detected. The following threats are monitored: SQL injection, SQL injection vulnerability, Anomalous client login.

Storage Encryption (Coming Soon)

Files and documents stored outside of the database e.g. copy letters, scanned/uploaded documents are stored in a special storage area within Azure. This is different to a standard database. Storage encryption ensures that these files/documents are encrypted at rest to prevent unauthorised access.

Storage Replication

Locally redundant storage (LRS) replicates your data three times within a storage unit, which is hosted in a datacentre in the region in which your DebtView service is hosted. A write request returns successfully only once it has been written to all three replicas. In case of a hardware fault within the datacentre, your data can be restored from one of the three replicas.

Premium Security Features

The premium features below extend or enhance the standard security and compliance features included with your subscription. Contact us to learn more or check pricing on these features.

Dedicated Database Server

Whilst your database only ever contains your data and is not accessible by or shared with any other customer, we do sometimes host multiple customer databases on a single server. Whilst this is normal practice and there is minimal security risk in this configuration, your compliance policies may require a dedicated database server for your own purposes.

Pricing is dependent on your database size requirements and performance expectations.

Advanced Threat Detection

Advanced threat detection builds on the standard auditing and threat detection service and helps identify active threats targeting your service and provides the insights needed to respond quickly.

The service employs advanced security analytics, which go far beyond signature-based approaches. Breakthroughs in big data and machine learning technologies are used to evaluate events across the entire cloud fabric – detecting threats that would be impossible to identify using manual approaches and predicting the evolution of attacks.

Security analytics that come with Advanced Threat Detection tier are:

Threat intelligence – Looks for known bad actors by using global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit, the Microsoft Security Response Centre, and external feeds
Behavioral analysis – Applies known patterns to discover malicious behavior
Anomaly detection – Uses statistical profiling to build a historical baseline. It alerts on deviations from established baselines that conform to a potential attack vector

Geo Redundant Database Replication

In the event of a data centre outage, it can be difficult and time consuming to restore your database to a new location. With Geo-Replication, your database is automatically synchronised to a separate Azure data centre in the region of your choice. Replication is fully automated, immediate and transparent. If the primary database goes offline unexpectedly we can quickly promote a secondary to become the primary (also called a failover) and configure DebtView to connect to the promoted primary. Whilst this does require a new deployment of DebtView, it is often quicker than trying to restore a database across data centres. In addition, there is likely to be less chance of data loss.

Active geo-replication can also be used to provide better query performance for read-only queries or reporting.

SQL Automatic Failover (Coming Soon)

With automatic failover in conjunction with the geo-replicated database option, there is no need to configure connection strings in DebtView if the primary database is unavailable. The switch is made automatically and in much less time than it would take to restore a database or deploy a new instance of DebtView. This is normally done in just a few seconds.

This option requires a geo-redundant database.

Long Term Data Retention

If your security and/or compliance policies require you to retain audit logs or backups for longer than our standard retention periods we can create you a bespoke data retention policy.

Geo Redundant Storage

By default, your file storage is replicated locally within a data centre (LRS). This is the least durable compared to other options. In the event of a datacentre level disaster (fire, flooding etc.) all three replicas might be lost or unrecoverable. To mitigate this risk, Geo Redundant Storage (GRS) is recommended.

Geo-redundant storage (GRS) replicates your data (uploaded files, copy letters etc.) to a secondary region that is hundreds of miles away from the primary region. If your storage account has GRS enabled, then your data is durable even in the case of a complete regional outage or a disaster in which the primary region is not recoverable.

For a storage account with GRS enabled, an update is first committed to the primary region, where it is replicated three times. Then the update is replicated asynchronously to the secondary region, where it is also replicated three times.

SECURITY AND COMPLIANCE

AZURE CERTIFICATIONS

Standard Security Features

Premium Security Features

Navigation

Get in touch

Customer Reviews