Wolke maintains a formal and comprehensive security program to protect customer data, to detect security threats or data breaches, and to prevent unauthorized access. The following compliance resources can assist your compliance and legal teams in understanding and validating compliance requirements for your organization.
Our customers serve as the data controller while One people is the data processor. You have full control over the data entered into services, as well as the setup and configuration. We only process your data, so you won’t have to rely on us for day-to-day tasks such as:
- Managing security authorizations and roles
- Developing new forms and reports
- Setting up business process flows, alerts, rules, and more
- Making changes to the organizational structure
- Tracking all business transactions
- Analyzing all historical data and changes in configuration
Every attribute of customer data is encrypted before it is stored in a database. The Advanced Encryption Standard (AES) algorithm is used with a key size of 256 bits and a unique encryption key for each customer.
In addition to providing a layer of protection for networks against passive eavesdropping, active tampering, and message forgery, Transport Layer Security (TLS) protects user access to the internet. File integrations can be encrypted using PGP or a public/private key pair generated by One people, using a certificate generated by the customer.
Physical & Network Security
One people is hosted in the Microsoft Azure Data Center. Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor.
We analyze all internet-facing assets, including firewalls, routers, and web servers, for weaknesses that may allow unauthorized access. Additionally, an authenticated internal network and system vulnerability assessment is performed to identify possible weaknesses and inconsistencies with general system security policies.
The network intrusion prevention systems (IPSs) monitor critical network segments for atypical traffic patterns in the customer environment, as well as traffic between tiers and services.
Software Development Cycle
To help ensure the security of One people and its add-ons, Wolke has implemented a Secure Software Development Life Cycle (SDLC).
Third-party expert firms provide Wolke with independent network, system, and application vulnerability assessments.
Application Testing & Security Audits
Prior to every major release, our web and mobile applications are analyzed for application-level security vulnerabilities by third parties. As part of our testing procedures, we identify standard and advanced web application security vulnerabilities, including, but not limited to:
- AJAX security weaknesses
- CSRF (cross-site request forgery)
- Poor input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
- XML and SOAP attacks
- Poor session management
- Inconsistent data model constraints and insufficient data validation
- Insufficient authentication or authorization
- HTTP response splitting
- Misuse of SSL/TLS
- Use of unsafe HTTP methods
- Misuse of cryptography
Frequently Asked Questions
Check out the questions and answers below for more information about One people.