System Security

If you're wondering about what makes Managed App secure and how we handle and protect your data, this is the place.

Written by Bairave Jeyasothy
Updated over a week ago

Managed App builds software and operates an IT server environment to provide our service to you, the user. To keep your company's data secure and maintain data privacy, we follow IT security best practices. In this article, we will cover some of the relevant techniques.

User Session Security

Managed App protects user sessions using a variety of methods, including but not limited to strong passwords, two-factor authentication and time limits.

Strong Passwords

Strong passwords help protect user accounts from unauthorized access. Strong passwords contain a combination of letters, numbers, and special characters, and have minimum length requirements, making them harder to attack with automated techniques such as brute force attacks. Managed App programmatically enforces password complexity rules, which we change from time to time at our discretion to make your passwords better.

Time Limits

Managed App enforces a hard session timeout limit after which inactive users are forcibly logged out of the system. This protects against users leaving their computer unattended and prevents other security issues in the event a user's computer is lost or stolen.

Two-factor Authentication

Two-factor authentication (2FA) is a security measure that requires users to provide two forms of identification to access their accounts, combining something the user knows (the password) with something they physically have access to (their phone). Managed App uses 2FA for extra peace of mind when securing or recovering access to individual user accounts. Even in cases where a cyber criminal is able to trick a user into sharing their credentials, the attacker would also need to steal the user's second authentication factor, which is orders of magnitude harder to do.

Encryption

Encryption is the process of converting plain text or data into a coded or encrypted form to prevent unauthorized access. Managed App uses encryption to protect data in transit, that is, while it is being transmitted from your computer to Managed App servers, and at rest, which is when we store it on disk. We also use a special form of encryption called hashing or tokenisation.

Encryption At Rest

This encryption ensures that even in the unlikely event that an attacker gains physical access to the storage device, they cannot read or modify the data without the encryption key. Managed App encryption keys are stored separately and securely in a virtual key vault that is not co-located with the devices this encryption key is used for.

Encryption In Transit

Encryption in transit refers to the encryption of data as it is transmitted over a network, such as the internet. Managed App uses a modern version of the Transport Layer Security (TLS) protocol to encrypt all network traffic to and from our servers. Even if an attacker intercepts your data as it traverses a public network, they cannot read or modify it without the encryption key. We use encryption in transit to protect all access to Managed App's APIs, which includes all property, lease, or more generally all user data.

Hashing / Tokenisation

Not all encryption is created equal. While encryption at rest, for example, uses an encryption key to both encrypt and decrypt data, hashing or tokenisation is a one-way type of encryption. Once data has been hashed or tokenised, it can never be unencrypted again, even with access to the original key. These hashes or tokens are useful to protect particularly sensitive information, such as passwords or credit card information. While Managed App does store hashed passwords on our servers, we never store credit card tokens, which are sent directly to our external payment gateway for processing.

System Access & Monitoring

Managed App has a dedicated operations team that is responsible for providing Managed App as a service. We continuously monitor our systems and networks for access and threats, and undergo regular external penetration testing exercises.

Access Controls

Managed App provides access to your data and critical system functions to internal staff on an as-needed basis only. These access privileges are immediately revoked when no longer required, and all access privileges are regularly reviewed. We have policies in place to ensure access to your data and critical system functions cannot be gained easily; all authorizations have to be granted by a line manager and independently confirmed by a second team member.

Intrusion Detection

Managed App continuously monitors our server environment and networks for threats. This includes analysis of network traffic, user sessions, and identifying traffic from unusual network locations or device configurations. Step-up security may be enforced on user sessions to protect our systems (and your data) from access by third parties.

Penetration Testing

Managed App has regular penetration tests of our systems conducted by certified external security professionals. We regularly update our systems based on their recommendations to ensure our security measures remain relevant against an always changing external environment.

We welcome questions about the security of our system, so please don't hesitate to contact us on [email protected] for further information.
