Security at gtechna
Multi-layer Network Security Protocols
Firewalls at different levels to secure access to private networks and resources, including between:
- Internet and application server
- Application server and database server
- Application server and file server
- File server and other auxiliary firewalls (e.g. backup servers)
Firewall security features:
- Mitigation of DDoS attacks
- IP whitelisting to limit network access by IP
In addition, inbound and outbound ports are kept to a bare minimum to reduce risk.
gtechna is primarily hosted on AWS, which gives us access to the benefits AWS provides its customers, including physical security, redundancy, scalability, and key management.
Beyond the benefits provided by AWS, our software has built-in security features, including:
- Two-factor authentication
- Role-based permissions
- SSL certificate
- Backups and versioning
- Customer data and privacy protection
- Servers contain the minimal number of applications and third-party software
- OS and applications are continually updated with the latest security patches and service packs
- Web applications are compliant with security standards that adhere to OWASP-suggested security practices concerning:
  - SQL Injection
  - Cross-site Scripting (XSS)
  - Cross-site Request Forgery (CSRF)
Application and Platform Security
To routinely ensure security, gtechna conducts third-party penetration testing at least annually, and often more frequently, and uses permission-based access to control who can view penetration testing reports. We also use scanning tools to monitor for and detect vulnerabilities. It is against gtechna’s Terms of Service to probe, scan, or test the vulnerability of provided services or any system or network connected to those services.
Third-Party Risk Assessment
At gtechna, we know how important the 3rd party vendor risk assessment process is to providing security services that meet our standards on cybersecurity, IT, privacy, data security, and business resiliency. With that in mind, our partners routinely undergo testing, questionnaires, and certification processes to ensure that those standards are upheld and unified so our customers and their end-users get the privacy and protection they deserve.