
Security

Secure data in the cloud. Keep your customers’ data safe in the same way banks safeguard accounts: military-grade security.

Access Control

Administrators can control account security settings, manage access to cloud services, and easily manage roles to configure user permissions and privileges.

  • Enforce minimum password length and password complexity.
  • Ensure access lockdown after consecutive failed login attempts.
  • Enforce cyclical password changes and prevent reuse of expired passwords.
  • Manage roles to set permissions and privileges by user.
  • Central provisioning and de-provisioning of web applications.

Authentication and Authorization

AppDirect integrates with leading single sign-on (SSO) providers such as Google and Yahoo!. As an identity provider and consumer, AppDirect supports the following leading security protocols:

  • SAML 2.0 to enable web-based authentication and authorization scenarios, including SSO.
  • OpenID to make it easy and secure for users to sign up and access web accounts with SSO.
  • OAuth to ensure secure API authorization in a simple and standard method from desktop and web applications.

Reporting and Audit Trail Policies

AppDirect provides administrators with detailed audit trails for every action or activity that occurs on the platform. We also log and safeguard all audit data for at least one year. Other audit policies include the ability to:

  • Enable administrative access to audit logs for all events on the Application Marketplace and Manager.
  • Record audit trail entries for all system components for every event, including user identification, event type, date and time, success or failure indication, event origination, and identity or name of affected data, system component, or resource.
  • Protect audit trail files from unauthorized modifications.
  • Back up audit trail files to a centralized log server or media that is difficult to alter.
  • Use file integrity monitoring or change detection software on logs to ensure that existing log data cannot be changed without generating alerts.
  • Retain audit trail history for a minimum of one year.

Data Encryption

AppDirect uses the latest technology and industry best practices for encrypting data in transit.

  • We encrypt transmission of data across open, public networks with Verisign 256-bit SSL certificates.
  • We store encryption keys in separate secure locations and frequently rotate them.

Network Protection

The AppDirect network goes through constant monitoring and frequent threat assessments to ensure data protection. We enforce policies to:

  • Maintain a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone.
  • Run internal and external network vulnerability scans at least quarterly and after any significant change in the network.
  • Use intrusion detection systems and/or intrusion prevention systems to monitor all traffic at the perimeter and at critical points inside of the customer data environment, as well as alert personnel to suspected compromises.

Data Center Security and Availability

AppDirect uses multiple highly secure data centers to host our servers and data with no single point of failure. Specifically, we:

  • Use data centers that are SAS 70 Type II, PCI, ISO, and HIPAA compliant.
  • Monitor internal resources with warning and critical thresholds configured to alert our 24/7 Support Team of any potential degradation or interruption of service.
  • Use N+1 or greater redundancy for all components of essential systems, including regional redundancy.
  • Deploy anti-virus software on all systems commonly affected by malicious software.

How Is AppDirect More Secure than Desktop Software?

With AppDirect, none of your or your customers’ data is stored on employee computers. If a laptop crashes or gets lost, damaged, or stolen, all of the data remains completely safe. Data is stored in the cloud and continuously backed up in multiple locations so there’s no single point of failure. Additionally, AppDirect is much more secure than transferring physical data files via email or discs, two practices that put your critical business intelligence at risk. Data is transferred securely using 256-bit encryption, keeping your information protected at all times.

Our Information Security Team is at Your Service

To reach the AppDirect Information Security Team regarding an incident or product error, send an email to infosec@appdirect.com. We will respond promptly.

We self-certify compliance with U.S.-EU Safe Harbor and PCI Security Standards.