Magenta takes measures to avoid & nullify attempts by third parties to compromise the data of Magenta users. This document details the measures that we have taken while building & deploying the software.
1. Security Measures: API authentication happens with OAuth 2.0 for both client & user access. At code level, CSRF, form tampering, SQL injection and XSS prevention have been deployed. Cloudflare is used as the firewall. The network is SSL encrypted. Data access happens through multi-factor authentication, and data is encrypted in transit & at rest.
2. Compliance: The environment that hosts MagentaBi.com maintains multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please see this.
3. Availability & Recovery: Our infrastructure will run on systems that are fault tolerant against failures of individual servers or even entire data centres. Customer Data will be stored redundantly at multiple locations in our hosting provider’s data centres to ensure availability.
We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Customer Data and our source code are automatically backed up nightly. In case of misbehaviour, the Operations team is alerted in real time and the backup is automatically deployed.
4. Confidentiality: We place strict controls over our own access to the data. We have technical controls and audit policies in place to ensure that access to Resources, if any, is logged. We review these policies routinely every 90 days, along with security audits.
All of our employees and contract personnel are bound to our policies regarding Customer Data and we treat these issues as matters of the highest importance within our company.
5. Encrypted Transactions: Web connections to MagentaBi will be via TLS 1.2 and above. We support forward secrecy and AES-GCM, and prohibit insecure connections using SSL 3.0 and below or RC4.