Overview

An overview of PerspioSecure


PerspioSecure

What is PerspioSecure?

Here at Perspio, nothing is more important than the security of our customers' data. We go above and beyond to implement the latest cutting-edge security tools, as well as ensure robust processes and the fundamentals of information security management are in place and adhered to by our entire team.

Ensuring the security of Perspio is an ever-evolving process that is regularly reviewed, adjusted and tested. PerspioSecure comprises a collection of services and processes that, together, aim to address the security standards of a SaaS or PaaS solution as defined by key industry bodies.

These are a few primary controls and approaches we take to secure the different aspects of our business and platforms.


Security First Approach

Perspio promotes a security-first approach when designing any component or feature of the platform. This defines the composition of PerspioSecure and the services, tools and technologies required to provide complete security coverage.

Environment

Continuous Security Monitoring & Detection
Perspio leverages several tools that provide insights, intrusion prevention and early detection of any anomalies with our public-facing endpoints and internal infrastructure & services.

Perimeter Network Control
All ingress and egress traffic flowing through the Perspio SaaS environment is protected and governed by the network (Layer 4) and web application firewalls (Layer 7).

Transport Encryption & Hashing
Perspio uses Transport Layer Security (TLS) with 2048-bit RSA keys on all public transport links carrying customer information or controlling our infrastructure, and uses hash functions from the SHA-2 family for hashing.

Data Separation
Perspio uses industry-standard libraries and software engineering techniques to ensure logical data separation between client datasets within the SaaS environment.

Data Encryption
Perspio employs various methods for data encryption both at rest and in transit encompassing the server-side and client-side components with separation of duty at the different levels of the hierarchy, customer control, and complete audit trails.

Data Centre Security
Perspio is exclusively hosted within Microsoft Azure’s globally distributed data centre infrastructure. Azure infrastructure meets broad international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2. This includes region-specific standards, including Australia IRAP.

Endpoint Protection
Perspio almost exclusively utilises serverless infrastructure and components; however, anywhere we are responsible for the OS layer, we have deployed state-of-the-art anti-virus and anti-malware solutions as part of a suite of next-generation endpoint protection tools.

Patching
Perspio has robust policies and implements processes to ensure we regularly perform essential maintenance activities such as patching software, taking data backups, and testing that controls function as expected.

Backups
Perspio forks all ingress customer and platform audit data into cold storage within a different geographical region. It is stored securely and in its raw format, allowing it to be re-ingested if a restoration scenario is invoked. Data re-ingestion procedures are tested bi-annually to ensure recovery from a disaster scenario.

Access

Access & Identity Management
Perspio leverages a unified framework to manage user access and authentication. Perspio only delegates privileged access to named individual user accounts to enable auditing and logging of privileged accesses to customer data. Perspio performs regular access reviews of employee privileges to ensure that their privileges are updated and in sync as employee roles change over time. Two-factor authentication is also mandatory on all corporate accounts.

Least Privilege
Perspio follows the principle of least privilege as a general model within the business. Where employees do not require access to information or systems, they are not given it.

Development

Penetration Testing
We perform penetration testing against our application on every significant release using our in-house security experts.

Hardened Builds
Perspio uses hardened builds for its application servers. No software runs with root privileges, and application and deployment accounts do not have access to the rest of the operating system or network beyond what is necessary.

Secure Coding
Perspio adopts secure coding principles during development. All code that is checked in is reviewed for security weaknesses by both humans and automated scanning tools.

No Passwords
Perspio uses SSH keys to control access to its infrastructure. No passwords exist in the estate, protecting us from standard brute-forcing and credential-stuffing attacks.

Governance

Governance & Responsibility
No amount of technical security controls would be sufficient unless backed up by robust processes and governance. Perspio has a strong governance model that makes specific staff members responsible for information security in the organisation, in line with ISO 27001 principles.

Background Checks
We vet every employee with third-party background checks to verify identity and check for criminal records, as well as following up on character references.