Your Security and Privacy are Important to us
Binadox SaaS management platform prioritizes security and privacy of its users. Binadox provides enterprise-class security and ensures that your organization’s data is completely private and protected.
Secure Your Access
OAuth-based authentication, support for external OAuth providers (e.g. Google), and policy-based access for internal controls.
Data Encryption at Rest and in Transit
All sensitive data is encrypted at the application level using AES-256-GCM and served to customers over secure connections.
Hosting and Physical Security
Binadox servers are hosted on Amazon Web Services (AWS). As such, Binadox inherits the control environment which Amazon maintains and demonstrates via SSAE16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers. Physical access is restricted to authorized personnel. Premises are monitored and access is logged.
You can read further about AWS security and certifications here: aws.amazon.com/security/
Isolation of Services
Binadox servers run in Docker containers which are isolated from one another and from the underlying hardware layer. Server processes are confined to a particular directory and have no access to the rest of the host file system.
Binadox services are accessible only over HTTPS. Traffic over HTTPS is encrypted and protected from interception by unauthorized third parties. Binadox uses only strong encryption algorithms with a key length of at least 128 bits. Binadox servers deny access on all other ports, except that SSH access (protected by TLS and private-key authentication) is enabled for administration. Administrative access is granted only to select Binadox employees, based on role and business need.
Access to the databases used by Binadox is limited to inter-host communication only.
All network access, both within the data center and between the data center and outside services, is restricted by firewall and routing rules. Network access is logged and logs are retained for a minimum of 30 days.
Clients log in to Binadox using a password known only to them, and login is performed only over secure (HTTPS) connections. Clients are required to have reasonably strong passwords. Passwords are never stored in plaintext; instead, as is standard practice, only a secure hash of the password is stored in the database. Because the hash is relatively expensive to compute, and because a “salting” method is used, brute-force guessing attempts are relatively ineffective, and recovering the password is difficult even if a malicious party were to obtain the hash value.
End-user Auditable Logs
Complete, auditable end-user logs of key activities are available.
Reporting Security Issues
At Binadox, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. We have implemented a responsible disclosure policy to ensure that problems are addressed quickly and safely.
If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Please contact us at firstname.lastname@example.org.