Security

The security of data is critical to the success of our business and we know that it is important for our customers. So you can be assured we take security extremely seriously.

We make security a priority in our business practices and throughout the development process, maintaining effective controls over the security, availability, confidentiality and processing integrity of the platform. This creates a highly secure platform that allows our customers and partners to access information in a safe and secure way.

Partnering with Microsoft

Microsoft is a trusted partner for Auror, and we use its services to protect and manage data in accordance with all applicable regulations. We do not hold any personal data at our office facilities. The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers.

These data centers utilise industry leading security policies and standards and are SOC 1/SSAE 16/ISAE 3402, SOC 2, and ISO 27001/27002/27018 compliant. Each Azure facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These data centres comply with industry standards (such as ISO 27001) for physical security and availability.

They are managed, monitored, and administered by Microsoft operations personnel. Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defence and reduce risks.

Further details about Microsoft Azure are available on Microsoft’s own Trust Center.

Auror is a Microsoft Partner

We have best-in-class capability in security

Encryption

All information in transit to and from Auror is encrypted using SSL 256-bit encryption. The Auror platform can only be accessed using a secure channel where the data traffic is encrypted using a SHA-2 certificate (256-bit encryption).

Transport Layer Security (TLS/SSL) is used to protect the transfer of information and data to our servers. All personal information is also encrypted at rest within our databases. At the application level, security features have been embedded into our code-base, such as SQL injection and Cross-site scripting, to prevent attacks. Microsoft actively monitors for intrusion attempts against our servers.

User Auditing

All user activities on our sites are monitored and audited meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was an attack or misuse from a user, the user can be identified and deactivated by Auror.

Third Party Testing

Auror employs independent third parties to regularly test and affirm the integrity of our security systems. Testing includes network and application-level penetration testing as both an anonymous and as an authenticated user under the context of several sets of valid credentials.

Detection and Analysis

Application, infrastructure, and security logs are consolidated and archived for a period of at least three years. Suspicious activity is inferred (using a combination of hand-built and machine learning alert rules) from these logs and sent to our engineering team in real-time.

Vulnerability & Threat Management

Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defense and reduce risks.

Automatic checks in our software development lifecycle identify security vulnerabilities in our 3rd party libraries and frameworks. These issues are patched promptly when an update is made available.

“I’ve been amazed by the figures in terms of offending reductions and preventions we’ve been able to achieve. The team can see the difference we make in the community, and that’s ultimately what we all want to achieve.”

Leading Global Retailer
Sr. Director of Asset Protection Operations

Frequently
asked questions

Where is the data hosted?

Down arrow

The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers. Each geography utilizes a local instance to adhere with relevant security and privacy guidelines. This includes the following data center locations:

North American (US & Canada) Platform: Microsoft Azure USA
Australian Platform: Microsoft Azure Australia
New Zealand Platform: Microsoft Azure Australia
UK Platform: Microsoft Azure UK
RoW Platform: Microsoft Azure USA

Is the data encrypted?

Down arrow

Yes - information is encrypted in transit and at rest.

All data is encrypted and decrypted using 256-bit AES encryption. Data at rest is encrypted in SQL server using Transparent Data Encryption (TDE) that performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest. All information in transit to and from the Platform is encrypted using SSL 256-bit encryption and protected with Transport Layer Security (TLS/SSL).

Does Auror keep track of user activity on the platform?

Down arrow

All user activities on our sites are monitored and can be audited meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was misuse from a user, the user can be identified and deactivated.

What happens if there is a security incident or data breach?

Down arrow

Our Incident Response Process details a clear process for handling incidents, and contains clear escalation paths to senior and executive staff members. If incidents occur, the findings are used to improve processes and systems throughout the organization.

Auror also has processes in place to respond to and manage any data breaches. In the unlikely event of a data breach, Auror will promptly notify the affected customer(s) and any regulators (if required).

Do you have additional information on your security practises?

Down arrow

Yes - We can provide in-depth information on the Platform Security as part of the customer due diligence process. Please get in touch.

More about the Trust Centre