Security

jPower8 builds its products and services with security, availability and resiliency at its core.

For our products and services, we employ an extensive layered security model to protect data in all stages and across all environments. On all layers, we have policies, systems and safeguards that employ preventative, detective and corrective measures.

Preventative measures

We take every precaution possible at the technical, procedural and personal levels to prevent data loss, leaks or related crime.

Data Center and Network Security

  • jPower8 systems are either installed on premise utilising our customers’ infrastructure and security, or use top-tier Cloud / Data Centre Service providers.
  • All data is encrypted in transit, in use and at rest.
    • In transit, all communications with our applications and APIs are encrypted using industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks. For email services, opportunistic TLS is enabled by default to help secure all mail server communications.
    • For data at rest, we deploy advanced encryption mechanisms (AES-256 encryption with strong key management standards).
  • Our security processes and technologies are deployed across all production and non-production environments.
  • Cloud hosting providers maintain industry standards for hosting facilities to protect against unauthorised physical access.
    • The primary hosting facility is located in the EU. The Disaster Recovery service is maintained in accordance with recommended practices for geographical diversity to help ensure maximum availability of business-critical applications.
  • At the architectural level, network security employs the latest best practices to perform risk-dependent segregation of environments and data.
  • For DDoS mitigation, we leverage a multi-layered approach and native Cloud protections to maintain maximum availability.
  • We maintain separate environments for development, staging and production. Each environment has independent authorisation and authentication controls so that production data cannot leak into non-production environments.

Application security

  • Development and release management processes are used for both new application releases and updates to existing products.
  • Continuous application security testing and monitoring is performed using certified third-party tools and/or services to ensure the security of every release.
  • Third-party software modules are updated to the latest available stable version.
  • Military-grade encryption technologies and strong key management provide extensive protection of client data.
  • Our services and applications are in compliance with industry best practices for password security.
    • Optionally, multi-factor authentication can be implemented as an extra layer of security to prevent login abuse or theft.

Authorisation and Authentication

  • Within the applications themselves, industry standard authorisation and authentication models are utilised to provide maximum data protection.
  • When designing, implementing and reviewing our Security Management System, we draw on our experience and long-term partnerships with major financial institutions which have advanced information and data security protocols.
  • We employ role-based network and environment access controls to provide for fine adjustments in access rights and permissions.
  • jPower8 gives users only the privileges they need to complete their tasks, based on pre-defined roles.

People

  • Drawing on our experience with security assessments in major financial institutions, we have designed in-house security policies that draw on ISO 27001 and are rigorously enforced.
  • Security awareness training is organised regularly for both senior and new engineers.
  • Employees and Contractors are also required to sign confidentiality agreements and NDAs.

Detective measures

We employ tools, procedures and processes to discover potential and real threats and possible security breach attempts.

  • We employ best-in-class industry practices and tools to identify possible threats.
  • We utilise security monitoring and a robust analytics and threat detection engine to provide defence mechanisms that identify and block malicious traffic or network based attacks.
  • Environments are regularly scanned to identify risks and apply necessary corrective measures.
  • Extensive logging in the context of 24/7 monitoring identifies vulnerabilities in real time that are further analysed by our security professionals.
  • We deploy and regularly update anti-malware tools which analyse events and generate alerts for suspicious activities.
  • Changes in user roles and access privileges are logged, and the logs are regularly audited.
  • The rigorous testing process for our code base includes both automated and manual tests, which locate, identify and categorise security vulnerabilities.

Corrective measures

  • If a data breach and/or loss occurs, jPower8 employs industry-standard mitigation and mediation measures to minimise the adverse effect on business operations.
  • Incident response plans are in place and are revised and updated regularly to mitigate existing, new and emerging risks.
  • Backup and Recovery measures draw on geographical distribution and cloud capabilities to ensure applications and services are easily recoverable in the event of a disaster.