Security Controls
This section describes the Symphia NowForce security controls implemented for all NowForce Mobile App customers.
Security Control Processes
- Routine Antivirus scans (the antivirus is constantly updated).
- Amazon Web Application Firewall (WAF) - Protects from DDoS and XSS attacks.
- Continuous security updates to patch known vulnerabilities of operating systems and third-party software.
Application Security
Intellicene follows industry-standards of software development best practices and has implemented the following:
- All of our development employees are trained with Microsoft SDL practices.
- Routine vulnerability assessment and penetration testing of all software under development.
- Static code analysis is routinely undertaken.
Data Control
Your data is always protected, whether when you’re sending data or when the data is stored. Data encryption is provided as standard in-transit and at-rest.
- Data-in-transit encryption - SSL/TLS encryption 1.2 for all communications.
- Data-at-rest encryption - Based on state-of-the-art encryption algorithms (available for SaaS customers).
Access Control
Privileged access to all systems is controlled and monitored. User access to data and systems is carefully managed and controlled, based on the least privilege settings.
Controls include:
- Intellicene administrators use multi-factor authentication for access to the cloud production environments.
- Access to NowForce API uses OAuth 2.0 authentication.
- Customer access control management.
Enabled as default:
- Unique credentials
- Login audit
- Mobile device unique ID (allow blocking/disabling of unauthorized users)
Optional configuration (per customer):
- Strong passwords enforcement
- Multi-Factor Authentication (MFA)
- OAuth 2.0
- IP Range lock
- Single device login
