The security of data is critical to the success of our business and we know that it is important for our customers. So you can be assured we take security extremely seriously.
We make security a priority in our business practices and throughout the development process, maintaining effective controls over the security, availability, confidentiality and processing integrity of the platform. This creates a highly secure platform that allows our customers and partners to access information in a safe and secure way.
Microsoft is a trusted partner for Auror, and we use its services to protect and manage data in accordance with all applicable regulations. We do not hold any personal data at our office facilities. The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers.
These data centers utilise industry leading security policies and standards and are SOC 1/SSAE 16/ISAE 3402, SOC 2, and ISO 27001/27002/27018 compliant. Each Azure facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These data centres comply with industry standards (such as ISO 27001) for physical security and availability.
They are managed, monitored, and administered by Microsoft operations personnel. Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defence and reduce risks.
Further details about Microsoft Azure are available on Microsoft’s own Trust Center.
We have best-in-class capability in security
All information in transit to and from Auror is encrypted using SSL 256-bit encryption. The Auror platform can only be accessed using a secure channel where the data traffic is encrypted using a SHA-2 certificate (256-bit encryption).
Transport Layer Security (TLS/SSL) is used to protect the transfer of information and data to our servers. All personal information is also encrypted at rest within our databases. At the application level, security features have been embedded into our code-base, such as SQL injection and Cross-site scripting, to prevent attacks. Microsoft actively monitors for intrusion attempts against our servers.
All user activities on our sites are monitored and audited meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was an attack or misuse from a user, the user can be identified and deactivated by Auror.
Auror employs independent third parties to regularly test and affirm the integrity of our security systems. Testing includes network and application-level penetration testing as both an anonymous and as an authenticated user under the context of several sets of valid credentials.
Application, infrastructure, and security logs are consolidated and archived for a period of at least three years. Suspicious activity is inferred (using a combination of hand-built and machine learning alert rules) from these logs and sent to our engineering team in real-time.
Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defense and reduce risks.
Automatic checks in our software development lifecycle identify security vulnerabilities in our 3rd party libraries and frameworks. These issues are patched promptly when an update is made available.
Leading Global Retailer
Sr. Director of Asset Protection Operations
The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers. Each geography utilizes a local instance to adhere with relevant security and privacy guidelines. This includes the following data center locations:
North American (US & Canada) Platform: Microsoft Azure USA
Australian Platform: Microsoft Azure Australia
New Zealand Platform: Microsoft Azure Australia
UK Platform: Microsoft Azure UK
RoW Platform: Microsoft Azure USA
Yes - information is encrypted in transit and at rest.
All data is encrypted and decrypted using 256-bit AES encryption. Data at rest is encrypted in SQL server using Transparent Data Encryption (TDE) that performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest. All information in transit to and from the Platform is encrypted using SSL 256-bit encryption and protected with Transport Layer Security (TLS/SSL).
All user activities on our sites are monitored and can be audited meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was misuse from a user, the user can be identified and deactivated.
Our Incident Response Process details a clear process for handling incidents, and contains clear escalation paths to senior and executive staff members. If incidents occur, the findings are used to improve processes and systems throughout the organization.
Auror also has processes in place to respond to and manage any data breaches. In the unlikely event of a data breach, Auror will promptly notify the affected customer(s) and any regulators (if required).
Yes - We can provide in-depth information on the Platform Security as part of the customer due diligence process. Please get in touch.