At Annex Cloud, our top priority is keeping our customers' data secure. We employ rigorous security measures at the organizational, architectural, and operational levels to ensure that our customers' data, applications, and infrastructure remain safe.

Security is key to choosing the right loyalty vendor

Responsible Disclosure

Being proactive rather than reactive to emerging security issues is a fundamental belief at Annex Cloud. Every day, new security issues and attack vectors are emerging and Annex Cloud strives to keep abreast of the latest security developments by working with security researchers, our peers, and our customers. We appreciate the community's efforts in creating a more secure ecosystem for all.

Please note: report any security vulnerabilities to or Contact Us here. We ask that you do not share or publicize any vulnerabilities submitted or directly through the bug bounty program platform.

Organizational Security

All employees receive security, privacy, and compliance training the moment they start. Though the extent of involvement may vary by role, security is everybody's responsibility at Annex Cloud. This commitment to security extends to our executives. Our security programs drive executive alignment across our organization and ensure that security awareness and initiatives permeate the whole company.

Architectural Security

Data Encryption

Annex Cloud uses the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits to keep the data secure at rest. Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protects user access via the internet, helping to secure network traffic from passive eavesdropping, active tampering, or message forgery. File-based integrations can be encrypted via PGP or a public/private key pair generated by Annex Cloud, using a customer-generated certificate. JWT token authentication is also supported for REST API integrations to the Annex Cloud API.

Logical Security

Annex Cloud security access is role-based, supporting SAML for single sign-on, and native Annex Cloud login.

Single-Sign-On Support

SAML allows for a seamless single-sign-on experience between the customer's internal web portal and Annex Cloud. Customers log in to their company's internal web portal using their enterprise username and password and are then presented with a link to Annex Cloud, which grants them access without having to log in again. Annex Cloud also supports Azure SSO, Ping Identity, and any SAML 2.0 compliant SSO and identity management service.

Annex Cloud Native Login

For customers who wish to use our native login, Annex Cloud stores the Annex Cloud password only in the form of a secure hash, never the password itself. Unsuccessful login attempts are logged, as is successful login/logout activity, for audit purposes. Inactive user sessions are automatically timed out after a specified period, which the customer can configure per user. Customer-configurable password rules include length, complexity, expiration, and forgotten-password challenge questions.
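The controls this paragraph describes (a password kept only as a salted hash, audit logging of successful and failed logins, an inactivity timeout, and configurable password rules), as an added Python illustration that is not Annex Cloud's own code. The PBKDF2 parameters, the 12-character complexity rule, and the 90-day expiry are assumed values, and `AUDIT_LOG` is a plain list standing in for the SIEM feed.

```python
import hashlib, hmac, re, secrets

AUDIT_LOG = []  # (timestamp, username, event); a real deployment would ship these to the SIEM

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored, never the password itself."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def password_meets_policy(password, min_length=12):  # assumed stand-in for the configurable rules
    return all([len(password) >= min_length, re.search(r"[A-Z]", password),
                re.search(r"[a-z]", password), re.search(r"\d", password)])

class NativeLogin:
    def __init__(self, idle_timeout_s=900, password_max_age_s=90 * 86400):
        self.users = {}     # username -> (salt, digest, password_set_at)
        self.sessions = {}  # session token -> (username, last_activity)
        self.idle_timeout_s, self.password_max_age_s = idle_timeout_s, password_max_age_s

    def register(self, username, password, now):
        if not password_meets_policy(password):
            raise ValueError("password does not meet the configured policy")
        salt, digest = hash_password(password)
        self.users[username] = (salt, digest, now)

    def login(self, username, password, now):
        rec = self.users.get(username)
        ok = rec is not None and hmac.compare_digest(hash_password(password, rec[0])[1], rec[1])
        if ok and now - rec[2] > self.password_max_age_s:
            AUDIT_LOG.append((now, username, "login_denied_password_expired"))
            return None
        AUDIT_LOG.append((now, username, "login_success" if ok else "login_failure"))
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, now)
        return token

    def check_session(self, token, now):
        """Return the username for a live session, expiring it if idle past the timeout."""
        sess = self.sessions.get(token)
        if sess is None:
            return None
        username, last = sess
        if now - last > self.idle_timeout_s:
            del self.sessions[token]
            AUDIT_LOG.append((now, username, "session_timeout"))
            return None
        self.sessions[token] = (username, now)
        return username
```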

Operational Security

Physical Security

Annex Cloud applications are hosted in state-of-the-art cloud centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones.

Annex Cloud is hosted and managed within Cloud Platform in multiple regions around the world. Cloud Platform handles physical and infrastructure security using top-notch security and compliance standards and is designed with no single point of infrastructure failure.

The compliance standards our cloud provider meets include:

  • ISO 27001 & ISO 27018
  • SOC1, SOC2, SOC3
  • FedRAMP

Production resources containing customer data are only accessible by authorized Annex Cloud personnel, no wireless networks are used in production, and the production networks require multi-factor VPN for all administrative access.

Network Security

Annex Cloud has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the Annex Cloud environment. We’ve also implemented proactive security procedures, such as perimeter defense and network intrusion prevention systems (IPSs) using SIEM vendors.

Network IPSs monitor critical network segments for atypical network patterns in the customer environment, as well as traffic between tiers and services.

We also maintain a global Security Operations Center 24/7/365.

  • Server Security includes vulnerability testing, virus scans, File Integrity Monitoring
  • SIEM in place for continuous logging
  • SOC team in place for continuous monitoring
  • Incident response processes in place

Application Security

Annex Cloud has implemented an enterprise Secure Software Development Life Cycle (SSDLC) to help ensure the continued security of Annex Cloud applications.

This program includes an in-depth security risk assessment and review of Annex Cloud features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.

  • Application security is a core focus: a full S-SDLC process is in place with SAST and DAST
  • Regular manual penetration testing for all endpoints
  • Web Application Firewall (WAF) with the latest modsec and OWASP rules

Role-based Access Control

Role-based access control (RBAC) limits access to data stored in the cloud based on the roles of particular users within a company. RBAC provides employees with access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. An employee's role in an organization determines the permissions that an individual is granted and ensures that lower-level employees can't access sensitive information or perform high-level tasks. In the role-based access control data model, roles are based on several factors, including authorization responsibility and job competency. As such, companies can designate whether a user is an end user, an administrator, or a specialist user. In addition, access to SaaS software can be limited to specific tasks, such as the ability to view, create, or modify data.

There are a number of benefits to using RBAC to restrict unnecessary access based on people's roles within an organization, including:

  • Improving operational efficiency
  • Enhancing compliance
  • Giving administrators increased visibility
  • Decreasing the risk of breaches and data leakage

Vulnerability Assessments

Annex Cloud contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.


We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our applications. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities, including, but not limited to, the following:

  • Security weaknesses associated with Flash, Flex, AJAX, and ActionScript
  • Cross-site request forgery (CSRF)
  • Improper input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
  • XML and SOAP attacks
  • Weak session management
  • Data validation flaws and data model constraint inconsistencies
  • Insufficient authentication or authorization
  • HTTP response splitting
  • Misuse of SSL/TLS
  • Use of unsafe HTTP methods
  • Misuse of cryptography

External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers, for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal network and system vulnerability assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.

Privacy and Compliance are also key requirements for an enterprise-ready loyalty solution.

©2021 All Rights Reserved. AnnexCloud