...

The entire platform infrastructure is hosted on Microsoft Azure (West US & West Europe regions), protected by advanced Layer-7 routing and load-balancing devices, network security groups, web application firewalls, and DDoS Protection. Management of the infrastructure is allowed via the Azure portal, utilizing conditional access policies and strong MFA for secure access to both the portal and the virtual machines. The virtual network infrastructure is based on Azure Virtual Network, utilizing separate subnets for each platform component type, different network security groups for fine-grained control of permitted traffic between components and subnets, firewalls, as well as accelerated networking for the virtual machines.

...

  • All platform data reside in MS SQL databases hosted on Azure SQL managed instances and in Azure Files containers, encrypted at rest using Transparent Data Encryption (TDE) and Azure storage service encryption (SSE), respectively.

  • In addition, specific types of data (marked as critical/sensitive), such as a contact’s First Name, Last Name, Mobile Phone and Email, are stored encrypted within the MS SQL database tables using SQL Server column-level encryption with AES-256 (certificates are used to safeguard the encryption keys, which are used to encrypt data in the database).

  • SHA-256 is used for secure password hashing.

  • Data in transit are encrypted with TLS 1.2 and higher.
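
The key hierarchy that the column-level encryption bullet describes (certificate protecting an AES-256 symmetric key, which encrypts the column values) can be sketched in T-SQL as follows. This is an added example, not the platform's own schema or code: the table, certificate and key names, the password placeholder and the sample row are all assumptions.

```sql
-- Added example: every object name and value below is hypothetical/constructed.
-- 1. Database master key protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';

-- 2. Certificate safeguards the symmetric key (as described in the bullet above).
CREATE CERTIFICATE ContactPiiCert WITH SUBJECT = 'Protects the contact PII key';

-- 3. AES-256 symmetric key that actually encrypts the column data.
CREATE SYMMETRIC KEY ContactPiiKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE ContactPiiCert;

-- 4. Encrypted columns are VARBINARY; plaintext never lands in the table.
CREATE TABLE dbo.Contact (
    ContactId    INT            NOT NULL PRIMARY KEY,
    FirstNameEnc VARBINARY(512) NOT NULL,
    EmailEnc     VARBINARY(512) NOT NULL
);

OPEN SYMMETRIC KEY ContactPiiKey DECRYPTION BY CERTIFICATE ContactPiiCert;

-- 5. Encrypt on write. The authenticator (hash of the row id) binds each
--    ciphertext to its row, so a value copied into another row fails to decrypt.
DECLARE @id INT = 1;  -- constructed sample row
INSERT INTO dbo.Contact (ContactId, FirstNameEnc, EmailEnc)
VALUES (
    @id,
    EncryptByKey(Key_GUID('ContactPiiKey'), N'Ada', 1,
                 HASHBYTES('SHA2_256', CONVERT(VARBINARY, @id))),
    EncryptByKey(Key_GUID('ContactPiiKey'), N'ada@example.com', 1,
                 HASHBYTES('SHA2_256', CONVERT(VARBINARY, @id)))
);

-- 6. Decrypt on read; DecryptByKey returns NULL if the key is not open
--    or the authenticator does not match.
SELECT ContactId,
       CONVERT(NVARCHAR(100), DecryptByKey(FirstNameEnc, 1,
               HASHBYTES('SHA2_256', CONVERT(VARBINARY, ContactId)))) AS FirstName
FROM dbo.Contact;

CLOSE SYMMETRIC KEY ContactPiiKey;

-- 7. Audit check: confirm algorithm, key length and certificate protection.
SELECT k.name, k.algorithm_desc, k.key_length, e.crypt_type_desc
FROM sys.symmetric_keys AS k
JOIN sys.key_encryptions AS e ON e.key_id = k.symmetric_key_id;
```

A principal that can read the table but lacks permission on the certificate or symmetric key sees only ciphertext, which is the layer this adds on top of TDE.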

...