Network and Infrastructure Security at Deployed
Security is paramount at Deployed, and safeguarding your data is our utmost priority.
We understand that our valued customers rely on Deployed for collaborating on their most confidential and critical documents.
Deployed allocates substantial resources to enhance network security protocols, all aimed at ensuring the safety of your data.
Data transmission between our application and customer endpoints is encrypted using the standard Transport Layer Security (TLS) protocol. TLS guarantees end-to-end encryption.
At Deployed, we employ TLS versions 1.2 and 1.3 and conduct daily checks on our TLS configuration. Our commitment to security is affirmed by our current A+ grade as evaluated by the Qualys SSL Server Test.
We use transparent data encryption (TDE) to encrypt data at rest, automatically encrypting the entire database, including the database files, backups, and transaction logs, using a symmetric database encryption key. This key is protected by a hierarchy of encryption keys managed within Azure, ensuring data security and compliance with industry standards. TDE helps safeguard sensitive data by rendering it unreadable without the proper encryption keys, providing a robust layer of security for data stored in Azure.
We use Azure Front Door and Azure Web Application Firewall (WAF) to protect inbound data. Azure Front Door is a global content delivery network (CDN) that routes incoming traffic through a distributed network of Azure edge locations, improving performance and high availability. Azure WAF, on the other hand, is a layer 7 web application Firewall that inspects and filters incoming requests, blocking malicious traffic, including SQL injection, cross-site scripting, and more.
Azure Network Security Groups (NSGs) focus on controlling outbound traffic from our resources; they allow you to define inbound and outbound security rules that filter and control traffic at the network level. This is particularly useful for implementing security policies and ensuring that sensitive data does not leave your network without proper inspection or authorization.
These combined efforts establish a robust infrastructure, providing comprehensive protection for our applications and data.
We consistently collaborate with independent security experts who conduct thorough penetration tests on Deployed applications and infrastructure, identifying vulnerabilities in the process.
Beyond our routine testing, we initiate extra assessments whenever significant security-impacting changes occur in our applications. The outcomes and recommendations from these tests are diligently monitored, enabling us to prioritize and resolve issues promptly.
Deployed employs Microsoft Defender as a key component in its robust security strategy to monitor, identify, and resolve threats effectively. The system continually monitors the entire network and connected devices, actively seeking signs of known vulnerabilities and potential risks. Microsoft Defender's extensive database of known threats acts as a foundation for this monitoring, allowing it to scan for established vulnerabilities and attack patterns.
Deployed utilizes stringent software security procedures to embed resilience against vulnerabilities into the platform.
Code peer review is an integral part of Deployed's software development lifecycle, encompassing security assessments at every stage.
Deployed has established comprehensive secure coding directives for its engineering teams, setting fundamental security standards for coding practices within the organization. Deployed's guidelines are rooted in the Open Web Application Security Project (OWASP) Secure Coding Practices Version 2.0.
This guidance spans various subjects and aims to tackle the primary origins of vulnerabilities present in all applications deployed on the Deployed platform.
Code Scanning (SAST): Code Scanning, powered by Static Application Security Testing (SAST), proactively identifies a wide range of security vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS), and more, even before the code is compiled. This helps developers catch and rectify these issues in the initial stages of development.
Secret Scanning: Secret Scanning safeguards critical data like API (Application Programming Interface) keys and access tokens, preventing their accidental exposure and potential security risks.
Dependency Review: Dependency Review ensures that changes to dependencies are carefully assessed, helping us identify potential vulnerabilities and compatibility issues before they impact Deployed projects. This proactive approach is crucial for maintaining code quality and security.