Disaster Recovery and Business Continuity
Disaster Recovery Plan
IronWifi, as a SaaS application provider developed and maintains Disaster Recovery plan for its services. DR plan is validated for accuracy every 6 months.
Distributed Data Center
The whole infrastructure is hosted in Google Cloud. Data centers are geographically dispersed around the world.
All configuration and user data is backed up to Google Data store. The backup data is distributed over many machines and using master-less synchronous replication over a wide geographic area.
Certifications and Compliance
IronWifi has implemented, maintains and is continually improving the management systems according to standards ISO 9001:2009 and ISO 27001:2013.
Audit and Alert Capabilities
Infrastructure Status Reports
Infrastructure up-time / downtime monitored using internal and external monitoring tools. Every information is logged and internally reported. We are not sharing this information with our customers.
Customers are notified about any software, hardware / data center change or upgrade if an impact is probable. This announcement is sent to the customers at least 1 week before the change or upgrade.
Admin Audit Logs
All account administrator’s activities are logged for auditing purpose. The list of activities can be provided to the customer when required.
User Audit Logs
All user activity is logged and made available in the form of authentication and accounting reports.
Data Access Logs
All data access is logged and reports can be provided to the customer when required.
Data Classification Capabilities
Data Classification Capability
Application allows classification of stored data in different security types – public (captive portal pages and shared files), confidential (configuration) and proprietary (source code)
Each classification is treated differently in terms of encryption and access control.
Customer has the copyright and/or ownership to the content uploaded to our portal. Customer owns data they produce or upload to the platform.
If the customer decides to leave the service, all data associated with the customer is automatically and immediately erased. Log data is erased after the retention period 6 months.
Download on Cancellation
If the customer leaves the service, he is allowed to download the data. Data will be available for download after contacting the support personnel.
Policy Enforcement and Access Control
Support for role based authentication/access
Application administrator can define multiple roles with different access permissions. These roles can be assign to team members. All roles are using the same authentication / access mechanisms.
Support for multi-factor authentication
IronWifi platform does not require more than one authentication credential from the user.
SSO / AD Hooks
Application provides authentication via OAuth protocol and optionally also via SAML 2.0. Other authentication protocols list OpenID, Facebook, Twitter, AD/LDAP and LinkedIn are available only for Captive Portal users.
Granular Action Based Authorization Policies
Account administrator can add new members to the account. New members can have one of the following permissions assigned:
- Is Owner – can change account settings and manage team members
- Can edit – can change account settings
- Can read – can read all account settings and information
Support for device types
At this moment, we are no longer maintaining any native apps for iOS, Android, Windows Mobile, Blackberry or Desktop platform
Customers are allowed to provide a set of IP addresses so that only those IP addresses will be allowed to use the application.
Enforceable best practices for passwords
The application enforces best practices for passwords, requiring at least 8 characters long passwords. Application does not define frequency of change.
Data encryption at REST
The IronWifi console is using REST API and all API calls are authorized with a OAuth access token. Data encryption is not enforced at the REST level.
Data encryption in transit
All information is protected using TLSv1.2 encryption algorithm during transfer (SSL).
Data maintained per tenant
The platform does not support encrypting customer data with a key managed and provided by the customer.
Platform supports file sharing facility. Customers are allowed to upload and share their files via their Captive Portal.
File Sharing Capacity
Platform does not allow anonymous sharing of data. A valid customer account and a credit card might be required to share larger amount of data.