We run regular code security reviews during the build process and implement code analyses as part of our CI/CD pipelines. This leads to the final important security layer—the protection of the application and infrastructure during deployment and operations.
The security controls in our platform go beyond those native to the Microsoft Azure cloud hosting platform that we use. In cloud services, security is a shared responsibility. With that in mind, we continuously monitor and review our resources deployed in Azure:
We cooperate on a monthly basis with 3rd-party companies and we also allow our Enterprise Partners to conduct such audits on their own. These audits (black-box and white-box) cover all elements of our System and check against the OWASP recommendations and the CVE database for known vulnerabilities.
We implement automated testing frameworks on our own. They cover not only the business side of the features, but also the security aspects of the platform. This way we can automatically review the platform for any regressions that could pose a threat to us and our partners.
At Synerise, we make ensuring data security an integral part of what we do. Starting with our development process, we follow OWASP Security Guidelines and other measures used by leading organizations.
Our default type of deployment is cloud-based; resources are shared among users using logical isolation. If you are affected by some more restrictive regulation, we can also provide service in a private cloud or on-premise. More detailed information about the different types of deployments can be found in the table below.
Thanks to the variety of deployment types, you can keep full control of sensitive data.
We provide the option to define IP address whitelists for both User access to the application and REST API based integrations so that you can limit access only to the IP addresses that are required.
You have the freedom to enforce MFA on people who wish to access your data no matter if they come from your Organization or not.
We use TLS based encryption for transmitted data with safe ciphers and at-rest data encryption based on technologies provided by Microsoft Azure.
Security has been an important part of our process from the very beginning of our SDLC. Static code analysis is a part of our CI/CD process. Additionally, we perform a secure code review of each code change. Last but not least, we also conduct secure architecture reviews and threat modeling.
The heart of our granular permission system is our proprietary API gateway, which is responsible for permissions and access grants. It is enforced with an application firewall, keeping us safe from various types of attacks.
Our tailor-made permissions system enables you to define granular permissions for both your Users and REST API based integrations, so that you can allow only what is required to support your business needs and not compromise security.
Every action within the platform leaves a trace, and we can distinguish three levels in the audit log: the system audit log, containing logs about every action within the platform, no matter the origin; the application audit log, which is accessible from within the platform; and end-user event logs, which contain information about any action on an end user's profile.
We cooperate on a monthly basis with 3rd-party companies and also allow our Partners to conduct such audits on their own. We have also implemented multiple tools to conduct vulnerability scanning and monitoring on a constant basis, starting with source code and going through the platform and our endpoints.
The IAM module that we have implemented supports user access to the platform and also serves as a business feature that you may implement within your Applications to enable RaaS (Registration as a Service), Apple, Facebook, Google and OAuth-based authentication, and to configure password policies, access controls, and session (token) expirations. More new features are coming.