At Annex Cloud, our top priority is keeping our customers' data secure. We employ rigorous security measures at the organizational, architectural, and operational levels to ensure that our customers data, applications, and infrastructure remain safe.
Being pro-active rather than re-active to emerging security issues is a fundamental belief at Annex Cloud. Every day, new security issues and attack vectors are emerging and Annex Cloud strives to keep abreast of the latest security developments by working with security researchers, our peers, and our customers. We appreciate the community's efforts in creating a more secure ecosystem for all.
Please note: We ask that you do not share or publicize any vulnerabilities submitted or directly through the bug bounty program platform.
Click to View Our Security Hall of Fame
All employees receive security, privacy, and compliance training the moment they start. Though the extent of involvement may vary by role, security is everybody’s responsibility at Annex Cloud.
This commitment to security extends to our executives. Our security programs drive executive alignment across our organization, and ensures that security awareness and initiatives permeate throughout our organization.
Annex Cloud uses the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits to keep the data secure at rest.
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protects user access via the internet, helping to secure network traffic from passive eavesdropping, active tampering, or message forgery. File-based integrations can be encrypted via PGP or a public/private key pair generated by Annex Cloud, using a customer-generated certificate. JWT token authentication is also supported for REST API integrations to the Annex Cloud API.
Annex Cloud security access is role-based, supporting SAML for single sign-on, and native Annex Cloud login.
SAML allows for a seamless, single-sign-on experience between the customer’s internal web portal and Annex Cloud. Customers log in to their company’s internal web portal using their enterprise username and password and are then presented with a link to Annex Cloud, which automatically gives customers access without having to log in again. Annex Cloud also supports Azure SSO, Ping Identity and any SAML2.0 compliant SSO and identity management service.
For customers who wish to use our native login, Annex Cloud only stores our Annex Cloud password in the form of a secure hash as opposed to the password itself. Unsuccessful login attempts are logged as well as successful login/logout activity for audit purposes. Inactive user sessions are automatically timed out after a specified time, which is customer configurable by user.
Customer configurable password rules include length, complexity, expiration, and forgotten password challenge questions.
Annex Cloud applications are hosted in state-of-the-art cloud centers designed to protect mission-critical computer systems with fully redundant subsystems and compartmentalized security zones..
Annex Cloud is hosted and managed within Cloud Platform in multiple regions around the world. Cloud Platform handles physical and infrastructure using top-notch security and compliance standards. Cloud Platform is designed with no single point of infrastructure failure.
The compliance standards of our cloud provider meets include:
Production resources containing customer data are only accessible by authorized Annex Cloud personnel, no wireless networks are used in production, and the production networks require multi-factor VPN for all administrative access.
Annex Cloud has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the Annex Cloud environment. We’ve also implemented proactive security procedures, such as perimeter defense and network intrusion prevention systems (IPSs) using SIEM vendors.
Network IPSs monitor critical network segments for atypical network patterns in the customer environment as well as traffic between tiers and service.
We also maintain a global Security Operations Center 24/7/365.
Annex Cloud has implemented an enterprise Secure Software Development Life Cycle (SSDLC) to help ensure the continued security of Annex Cloud applications.
This program includes an in-depth security risk assessment and review of Annex Cloud features. In addition, both static and dynamic source code analyses are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.
Role-based access control (RBAC) limits access to data stored in the cloud-based on the roles of particular users within a company. RBAC provides employees with access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. An employee's role in an organization determines the permissions that an individual is granted and ensures that lower-level employees can't access sensitive information or perform high-level tasks. In the role-based access control data model, roles are based on several factors, including authorization responsibility and job competency. As such, companies can designate whether a user is an end-user, an administrator, or a specialist user. In addition, access to saas software can be limited to specific tasks, such as the ability to view, create, or modify data.
There are a number of benefits to using RBAC to restrict unnecessary access based on people's roles within an organization, including:
Annex Cloud contracts with third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.
We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our applications. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities, including, but not limited to, the following:
External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal vulnerability network and system assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.