Security in SaaS mode

DAMAaaS is used online and requires an internet connection and a recent version of a web browser, such as Chrome or Firefox, to ensure your security.

The SaaS model is fully compatible with uncompromising security, enabling all users to ensure full compliance and data confidentiality. Learn about the key aspects of the solution’s security and infrastructure.

Application Security

Safety during use, access control, and access restrictions

Disaster recovery site, backups, disaster recovery plan (DRP), disaster management plan (DMP), and disaster impact analysis (DIA)

Application security: security at the heart of the solution 

Security: The confidentiality and integrity of your data are guaranteed by the solution's code

These days, malicious attacks no longer target networks or infrastructure, which are generally well protected. The main security vulnerabilities lie in applications.

Appropriate technological choices

We have selected proven and trusted technologies to ensure a set of reliable building blocks.

The goal: to reduce the risk of errors and improve maintainability and security:

  • MariaDB (MySQL) for the database,
  • PHP for server-side applications using the CodeIgniter framework,
  • HTML, JavaScript, and jQuery for the user interface.

Multi-level access management

  • On the DAMAaaS interface (display only what the user is authorized to see),
  • Regarding the app's processing (execute only authorized actions),
  • Regarding hosted data (only retrieve authorized data from the database).

Systematic checks of data validity

Validating every piece of data entered by users prevents attacks such as code injection, XSS (Cross-Site Scripting), or CSRF (Cross-Site Request Forgery).

Safety during use, Access control and restriction

Verify user identities and restrict access to specific groups to ensure security: these features are easy to use!

  • Set a complex password (12 characters) as the default, reinforced by a proven system of protection against attacks,
  • Restrict access to sensitive applications to a group of users identified by one or more IP address ranges; this is a free option that can be enabled on a per-application basis. This feature is useful, for example, for allowing access only from the company’s premises. Access can be extended to other locations after entering a password sent via email.
  • Require strong authentication for access: a free option that can be enabled on a per-app basis, which generates a random, single-use code—a One-Time Password (OTP)—via a smartphone app.

Enable and track user actions with ease:

  • Grant permissions to groups or individuals with just a few clicks, using a visual, comprehensive, precise, and concise access rights matrix (DMatrix – copyright INAGUA) displayed on a single page
  • Display, for each record, the complete history of changes made to the data by users of an application (user, date, fields modified).

These security features make DAMAaaS a must-have for managing your compliance requirements.

Disaster recovery sites, backups, PRA, PDMA, and DMIA: everything you need for your security!

Safety:

Backup site

  • DAMAaaS has a backup infrastructure hosted in a remote data center,
  • All production data is synchronized hourly on this replication infrastructure,
  • Disaster recovery tests are conducted regularly on this infrastructure (DR).

Backups

All DAMAaaS applications and the data they contain are backed up hourly and stored at two separate locations with the following retention periods:

  • Backups are retained every hour for 4 hours,
  • Backups are retained every 4 hours for 24 hours,
  • Backups are retained daily for 7 days,
  • Retain one backup per week for 5 weeks,
  • Backups are retained for 12 months, with one backup created each month.

The Maximum Allowable Data Loss (PDMA) and Maximum Allowable Downtime (DMIA) displayed:

  • Synchronization occurs every hour at the backup site, resulting in a maximum allowable data loss of 1 hour,
  • It takes only a few minutes for traffic to be redirected to the backup site's infrastructure.
  • If you have a contract with INAGUA (the publisher of DAMAaaS) and no longer use the free version of the solution, the Maximum Allowable Downtime is set at 4 hours.

Contact us

Please feel free to contact us—we’d be happy to help you bring your project to life!