Security
Agrippa Solutions AS is committed to security by design throughout our development, deployment and operations processes. We are working to follow the OWASP (Open Web Application Security Project) recommendations as one of our main security guidelines.
General Data Protection Regulation – GDPR
Agrippa Solutions AS is committed to meeting the EU legislation known as the General Data Protection Regulation (GDPR), which becomes enforceable on 25 May 2018. This legislation replaces the European Privacy Directive 95/46/EC.
Agrippa Improvements will have features to support the following GDPR requirements:
- Conditions for consent: Ask users for consent upon signup and save this information in the user profile.
- Right to access, correct, and erase data: Users can access, edit, and delete user information, either manually or programmatically using our API.
- Data minimization: This is achieved by user account linking and contact management.
- Data portability: Export user data either manually or programmatically. Raw data from Agrippa Improvements can be exported in JSON format (which is machine-readable).
- Protect and secure user data: Agrippa uses several features to meet this requirement, like data encryption, user rights management, brute-force protection, breached password detection, and intrusion detection.
User Authentication
Agrippa Improvements uses Auth0.com and Azure AD for user authentication. Some key features:
- An Authorization header needs to be present for the correct user account.
- Connecting via HTTPS.
- The API uses OAuth with JSON Web Tokens (JWT) signed with HS256.
- Agrippa also supports the use of certificates for non-interactive endpoints / API.
Data access
Agrippa Improvements supports controlling who has access to personal data. Data security is a critical requirement of the GDPR. The solution supports the following mechanisms:
- Role-based security to group together a set of privileges that limit the tasks that can be performed by a given user.
- Record-based security enables restricted access to specific records.
Data Encryption
Agrippa uses data encryption to protect data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. We have also implemented data encryption in Azure Storage to secure data at rest and in transit.
Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.
Data is protected in transit between the user application and Azure so that it remains secure at all times.
SQL Database Security
Agrippa uses built-in Azure SQL security capabilities to reduce risks and achieve compliance with the GDPR.
Agrippa uses Azure SQL database features for managing database access and authorization at several levels:
- Azure SQL Database firewall restricting access exclusively to authorized connections.
- SQL Server authentication to ensure that only authorized users with valid credentials can access the database server.
- SQL Server authorization to manage permissions according to the principle of least privilege.
- Row-level security (RLS) is used for restrictions on data row access.
GDPR requires protecting personal data against security threats. Agrippa uses built-in capabilities that safeguard data and identify when a data breach occurs:
- Auditing for tracking database events and writing them to an audit log.
- SQL Database Threat Detection detects anomalous database activities indicating potential security threats to the database.