Platform security

DAMAaaS is a cloud-native platform accessible via any modern browser, designed to deliver both seamless performance and maximum security.

We provide enterprise-grade security, ensuring full data compliance and data privacy for every user.

Discover our security architecture and infrastructure standards:

 

Application security: core protection

Security: Data confidentiality and integrity are guaranteed by the application’s code.

Modern cyber threats increasingly target the software layer rather than the network. DAMAaaS ensures data integrity and confidentiality through a proactive Security-by-Design approach.

A Robust and Proven Tech Stack

We leverage industry-standard, battle-tested technologies to ensure a reliable foundation. Our stack is optimized to mitigate risks while maximizing maintainability and performance:

  • Database: MariaDB (MySQL) 
  • Backend: PHP with the CodeIgniter Framework
  • Frontend: HTML5, JavaScript, and jQuery

Granular Access Control

We implement multi-layered permission management to ensure complete data isolation:

  • User Interface (UI): Users only see the features and views they are authorized to access.

  • Application Logic: The platform strictly enforces authorized workflows and actions.

  • Data Layer: Only authorized records are retrieved from the database, preventing unauthorized data exposure.

Proactive Data Validation

We perform systematic input sanitization and validation to protect against common vulnerabilities, including SQL injection, XSS (cross-site scripting), and CSRF (cross-site request forgery).

Access and Identity Security

Identity and Access Management (IAM)

Seamlessly manage user identities and enforce granular access controls using built-in security features:

  • Advanced Password Policies: Default 12-character complexity requirements reinforced by anti-brute-force protection.

  • IP-Based Access Control: Restrict access to sensitive applications to specific IP ranges (e.g., corporate offices). This native, per-app feature includes a secure email-based bypass for authorized remote access.

  • Multi-Factor Authentication (MFA): Enhance security with app-based OTPs (one-time passwords). This built-in feature can be enabled on a per-application basis for maximum protection.

Permissions & Activity Monitoring

  • Intuitive Access Management: Manage individual and group permissions using DMatrix (by INAGUA), our proprietary visual rights matrix. It provides a comprehensive yet streamlined single-page overview of all user rights.

  • Comprehensive Audit Trails: Maintain full transparency with a complete version history. Every data change is logged along with the user’s identity, a precise timestamp, and details of the specific fields updated.

This multi-layered security framework ensures that DAMAaaS meets the most stringent corporate compliance and governance requirements.

 

Business Continuity & Disaster Recovery

Data Protection & Disaster Recovery (BCDR)

Redundant Backup Infrastructure

  • Geographic Redundancy: A dedicated backup infrastructure is hosted in a separate, geographically distant data center.
  • High-Frequency Sync: Production data is synchronized with the recovery site every hour.
  • DRP Testing: We conduct regular Disaster Recovery Plan (DRP) drills to ensure immediate operational readiness.

Backup Strategy & Retention

All DAMAaaS applications and data are backed up hourly and stored across two separate sites in accordance with a strict retention policy:

  • Hourly snapshots: Retained for 4 hours.
  • 4-hour snapshots: Retained for 24 hours.
  • Daily backups: Retained for 7 days.
  • Weekly backups: Retained for 5 weeks.
  • Monthly backups: Retained for 12 months.

Recovery Objectives (RPO & RTO)

  • Recovery Point Objective (RPO): 1 hour. Our hourly synchronization ensures that no more than 60 minutes of data is ever at risk.
  • Data Synchronization: Traffic failover to our secondary infrastructure is completed within minutes.
  • Recovery Time Objective (RTO): 4 hours. For customers with a paid subscription (upgraded from the free version), we guarantee a return to full service within 4 hours.
