Application & Platform Security
The Azuqua platform is designed to support interoperability between systems and does not inspect, store, or interact directly with sensitive customer data unless instructed and authorized to do so. We provide a highly secure environment for customers to perform sensitive data manipulations with high confidence that proprietary data will not be exposed.
- An organization’s artifacts, including FLO execution history and tables, are stored in an account-specific repository. Each customer is fully isolated from other tenants using role-based access controls, so your artifacts and data are never shared with other customers.
- At no point during the integration process does Azuqua store customer data, unless configured to do so. Only connector configuration data such as passwords and secrets are stored. All sensitive account credentials entered by end users are encrypted using a 256-bit key before being stored in our secure data center.
We also store execution-related data to enable customers to have better insight and control over their FLO executions. Execution history can be used for testing and debugging FLOs, re-running a FLO for a particular execution, and long-running FLOs. Any execution data is always encrypted in transit before being stored in encrypted form on our servers.
We have successfully completed a Service Organization Controls 2 (SOC 2) Type II audit with a 3rd-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of our organization’s controls with respect to security, availability, and confidentiality.
Azuqua drives a security program with a focus on product security, infrastructure controls, policies, employee awareness, and assessment activities. We periodically assess our infrastructure and applications for vulnerabilities and remediate those that could impact the security of our customers and their data. Operational processes include, but are not limited to:
• Comprehensive security policies
• Least privilege access
• Regular application and network penetration testing and vulnerability scanning
• Regular external reviews of our security program and audits of adherence to security compliance standards
• Logging and alerting of platform-level security events
• Strong authentication for administrative sessions
• Secure software development lifecycle (SDLC) methodology and standards
• Tight controls and restrictions on administrative rights
Azuqua is accessible across the Internet over secure and encrypted connections using high-grade certificates and unique session tokens for individual user sessions. Data transmissions are protected using AES encryption over untrusted networks so your data is never exposed in the clear. Network access, both within the data center and between the data center and outside services, is restricted by firewall and routing rules.
Networking Monitoring and Protection
Monitoring tools are used to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.
Physical & Environmental Security
Azuqua uses Amazon Web Services (AWS) as its hosting provider. The AWS infrastructure is designed and managed according to security best practices as well as a variety of security compliance standards. AWS uses standard redundant and layered controls, continuous validation and testing, and a substantial amount of automation to ensure that the underlying infrastructure is monitored and protected 24x7.
Business Continuity Management
Azuqua has architected its AWS usage to take advantage of multiple regions and availability zones, providing the ability to remain resilient in the face of most failure modes, including natural disasters or system failures. All customer metadata, up to the last committed transaction, is automatically backed up on an hourly basis. Backups are verified for integrity and stored in a secure offsite facility.