Security professionals will tell you that security is not just a feature that gets added on to a solution. Secure systems must be architected and built with security in mind.
With OpsStream we have done just that: before we began developing this incredible software we defined a comprehensive access control and data security model that protects data better than any other business management solution on the market.
The technical details are beyond the scope of this brief description, but here are a few
quick glimpses into the data security provided:
Note: All features are included in every instance of OpsStream. There are no add-ons you need to purchase. When the word "optional" is used here, it means that you can turn on this capability as needed, but that it generally isn't turned on for every piece of data.
- All data is stored entirely in a dedicated Microsoft SQL Server 2008R2 or later database on a dedicated server, attached to dedicated direct-attached storage. Data is NOT stored in a multi-tenant or cloud-based environment.
- Comprehensive role-based security gives users the access to only the data and functionality they need
- Field level access control allows individual fields to be flagged as read-only or even invisible to certain groups of users
- Optional built-in field level encryption (using AES-256) with a field-level authenticator the system administrator provides.
- OpsStream user passwords are hashed. Clear text passwords are never stored.
- Even direct SQL access to the data tables will not permit decryption of the data.
- Restrictive SQL access rights are employed throughout
- SQL-level enforcement of application-level security. That's right: you can run SELECT * FROM xxxx against
- OpsStream-managed data from an external tool like SSMS, and you will get no rows back...unless you have authenticated into a valid OpsStream account
- Database can be stored in an encrypted container, securing "data at rest" for the entire database
- HIPAA-compliant data management
- Optional flags can be set on high-value data records that result in explicit user, session, and date/timestamp logging of every access.
- Optional field-level or table-level audit trail of all updates to a record.
- When we host the application, we use only PCI-compliant data centers. (Generally IBM's Softlayer facilities.)
- We give you the option to host the application on your own server
- Many additional security and data protection features... Contact us for details.