Personal data is highly sensitive. That’s why our top priority is delivering a high-performance solution with a focus on keeping our customers’ data safe and their interactions secure. As a consequence ISO 27001 compliant customers trust us with their data. We've also prepared for GDPR.
Cloud-based software
Cloud-based software is all about providing uninterrupted, reliable service, making information security a major focus for first-rate cloud vendors. Skilled resources, network redundancies, religious data backups, standby power, up-to-date security, and intrusion detection are mandatory components for an enterprise-class service.
Our high levels of performance, availability, and security are achieved through:
Systems security monitoring 24x7x365.
Active performance and availability monitoring of all data centres 24x7x365.
SSAE 16 Type II compliant data centres.
Restricted IP access, role-based application security with flexible single sign-on, data encryption, ongoing vulnerability scanning, and encrypted offsite backups.
Security features: password complexity / administrator-based single sign-out / roles and permissions / access restrictions.
User authentication and access control.
A secure, multi-tenant network architecture.
Frequent, human-driven security auditing via network and application penetration testing.
Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovations.
Transmission Security
Unlike email-based communication, most of which flows unprotected over the Internet, your communication with Gluu is completely protected. All communications with servers are encrypted by default using industry standard SSL from GeoTrust. This ensures that all traffic between you and Gluu is secure during transit.
Access Control
All access to data within Gluu is governed by access rights. Every user who attempts to access your Gluu account is authenticated by username and password. Passwords are required to be minimum 8 characters with special characters and adhere to latest international standards.
Application Security
Gluu maintains a robust application audit log, to include security events such as user logins or configuration changes. The Gluu platform utilizes numerous framework level protections to help prevent Web application vulnerabilities such as cross-site request forgery (CSRF), cross-site scripting (XSS), or SQL injections.
Physical Security
Our infrastructure is delivered through Microsoft’s regional Azure cloud data centres in Dublin and Amsterdam (replicated):
This is compliant with the highest international (commercial) security standards. For further detail: https://azure.microsoft.com/de-de/support/trust-center/
Only two employees have access to our Azure management console.
Support desk
Gluu uses a secure customer communication system that allows communication between users in the app (or via email) and our support staff.
Gluu staff will only access your account if you agree to provide a Gluu support login. This is a decision for your management to make.
Support staff have all access privileges revoked if they leave Gluu. This is done through our “Employee leaving” process.
Tags: IT Support, Technical, Security, Servers