Product Security Features
Only application administrators are allowed to create users and assign data security rules. Access control is based on a role hierarchy. Data can be segregated by user group. All access is governed by strict password security policies with configurable complexity. All activities performed within the application are logged in the Audit Trail.
Complete virtual server backups are made on a daily basis. Backups are retained with the following policy: retain the 5 most recent backups as well as the most recent backup from each of the last 7 days, 4 weeks, 12 months, and 1 year.
Monitoring and Vulnerability Management
Boréalis uses third-party security specialists and enterprise-class security solutions (like Qualys) to find and help us fix vulnerabilities in the IT infrastructure and the web application. Reports of the latest third-party intrusion tests, as well as Qualys reports, are available upon request.
Boréalis uses vulnerability management systems to continuously secure the IT infrastructure against the latest Internet threats. A web application scanning system automatically identifies OWASP Top 10 risks including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and URL redirection.
All web applications, network and hardware are constantly monitored by both Boréalis and the managed Infrastructure-as-a-Service (IaaS) providers.
The Boréalis network is protected by an enterprise-grade firewall and an Intrusion Prevention and Detection System (IPS/IDS) that monitor network traffic in order to block a wide range of known vulnerability exploits. The OVH network is protected against DoS/DDoS attacks.
Transmission and Session Security
Multiple Internet backbone connections provide routing redundancy and high-performance connectivity. All communications with Boréalis servers are encrypted using high-grade SSL, a cryptographic protocol designed to provide communication security over the Internet, with 256-bit AES. Encryption keys are securely stored. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.