Platform security

DAMAaaS is a cloud-native platform accessible via any modern browser, engineered for both seamless performance and maximum security.

We deliver enterprise-grade security, ensuring full data compliance and data privacy for every user.

Discover our security architecture and infrastructure standards:

Application security: core protection

Security: Data confidentiality and integrity guaranteed by the application’s code.

Modern cyber threats increasingly target the software layer rather than the network. DAMAaaS guarantees data integrity and confidentiality through a proactive Security-by-Design approach.

A Robust & Proven Tech Stack

We leverage industry-standard, battle-tested technologies to ensure a reliable foundation. Our stack is optimized to mitigate risks while maximizing maintainability and performance:

  • Database: MariaDB (MySQL)
  • Backend: PHP with CodeIgniter Framework
  • Frontend: HTML5, JavaScript and jQuery

Granular Access Control

We implement multi-layered permission management to ensure absolute data isolation:

  • User Interface (UI): Users only see the features and views they are authorized to access.

  • Application Logic: The platform strictly executes authorized workflows and actions.

  • Data Layer: Only authorized records are retrieved from the database, preventing unauthorized data exposure.

Proactive Data Validation

We perform systematic input sanitization and validation to protect against common vulnerabilities, including SQL Injection, XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery).

Access & identity security

Identity & Access Management (IAM)

Seamlessly manage user identities and enforce granular access controls with native security features:

  • Advanced Password Policies: Default 12-character complexity requirements fortified by anti-brute-force protection.

  • IP-Based Access Control: Restrict sensitive applications to specific IP ranges (e.g., corporate offices). This native, per-app feature includes a secure email-based bypass for authorized remote access.

  • Multi-Factor Authentication (MFA): Enhance security with app-based OTP (One-Time Passwords). This built-in feature can be enabled on a per-application basis for maximum protection.

Permissions & Activity Monitoring

  • Intuitive Access Management: Manage individual and group permissions via DMatrix (by INAGUA), our proprietary visual rights matrix. It provides an exhaustive yet streamlined single-page overview of all user rights.

  • Comprehensive Audit Trails: Maintain full transparency with a complete version history. Every data modification is logged with the user identity, precise timestamp, and specific field updates.

This multi-layered security framework ensures DAMAaaS meets the most stringent corporate compliance and governance requirements.

Business continuity & disaster recovery

Data Protection & Disaster Recovery (BCDR)

Redundant Backup Infrastructure

  • Geographic Redundancy: A dedicated backup infrastructure is hosted in a separate, geographically distant data center.
  • High-Frequency Sync: Production data is synchronized with the recovery site every hour.
  • DRP Testing: We conduct regular Disaster Recovery Plan (DRP) drills to ensure immediate operational readiness.

Backup Strategy & Retention

All DAMAaaS applications and data are backed up hourly and stored across two distinct sites with a rigorous retention policy:

  • Hourly snapshots: Retained for 4 hours.
  • 4-hour snapshots: Retained for 24 hours.
  • Daily backups: Retained for 7 days.
  • Weekly backups: Retained for 5 weeks.
  • Monthly backups: Retained for 12 months.

Recovery Objectives (RPO & RTO)

  • Recovery Point Objective (RPO): 1 hour. Our hourly synchronization ensures that no more than 60 minutes of data is ever at risk.
  • Data Synchronization: Traffic failover to our secondary infrastructure is completed within minutes.
  • Recovery Time Objective (RTO): 4 hours. For customers on a paid subscription (upgraded from the free version), we guarantee a return to full service within 4 hours.
