Security and Compliance

Disaster Recovery and Business Continuity

 

Disaster Recovery Plan

IronWifi, as a SaaS application provider, has developed and maintains a Disaster Recovery (DR) plan for its services. The DR plan is validated for accuracy every 6 months.

 

Distributed Data Center

The whole infrastructure is hosted in Google Cloud. Data centers are geographically dispersed around the world.

 

Data Backup

All configuration and user data is backed up to Google Data store. The backup data is distributed over many machines using master-less synchronous replication over a wide geographic area.

 

Certifications and Compliance

IronWifi has implemented, maintains and continually improves the management systems according to the standards ISO 9001:2009 and ISO 27001:2013.

 

Audit and Alert Capabilities

 

Infrastructure Status Reports

Infrastructure uptime and downtime are monitored using internal and external monitoring tools. All information is logged and reported internally. We do not share this information with our customers.

 

Change/Upgrade Notifications

Customers are notified about any software or hardware / data center change or upgrade if an impact is probable. The announcement is sent to customers at least 1 week before the change or upgrade.

 

Admin Audit Logs

All account administrators' activities are logged for auditing purposes. The list of activities can be provided to the customer when required.

 

User Audit Logs

All user activity is logged and made available in the form of authentication and accounting reports.

 

Data Access Logs

All data access is logged and reports can be provided to the customer when required.

 

Data Classification Capabilities

 

Data Classification Capability

The application allows stored data to be classified into different security types: public (captive portal pages and shared files), confidential (configuration) and proprietary (source code).

Each classification is treated differently in terms of encryption and access control.

 

Data Ownership

The customer holds the copyright and/or ownership of the content uploaded to our portal. Customers own the data they produce or upload to the platform.

Account Cancellation

If the customer decides to leave the service, all data associated with the customer is automatically and immediately erased. Log data is erased after the retention period of 6 months.

 

Download on Cancellation

If the customer leaves the service, they are allowed to download the data. The data will be available for download after contacting support personnel.

 

Policy Enforcement and Access Control

 

Support for role based authentication/access

The application administrator can define multiple roles with different access permissions. These roles can be assigned to team members. All roles use the same authentication / access mechanisms.

 

Support for multi-factor authentication

The IronWifi platform does not require more than one authentication credential from the user.

 

SSO/AD Hooks

The application provides authentication via the OAuth protocol and, optionally, via SAML 2.0. Other authentication protocols, like OpenID, Facebook, Twitter, AD/LDAP and LinkedIn, are available only for Captive Portal users.

 

Granular Action Based Authorization Policies

The account administrator can add new members to the account. Each new member can be assigned one of the following permissions:

  • Is Owner – can change account settings and manage team members
  • Can edit – can change account settings
  • Can read – can read all account settings and information

 

Support for device types

At this moment, we are no longer maintaining any native apps for iOS, Android, Windows Mobile, Blackberry or Desktop platforms.

 

IP Whitelisting

Customers are allowed to provide a set of IP addresses so that only those IP addresses will be allowed to use the application.

Enforceable best practices for passwords

The application enforces best practices for passwords, requiring passwords to be at least 8 characters long. The application does not define a frequency of change.

Encryption

Data encryption at REST

The IronWifi console uses a REST API, and all API calls are authorized with an OAuth access token. Data encryption is not enforced at the REST level.

 

Data encryption in transit

All information is protected during transfer using TLSv1.2 encryption (SSL).

 

Data maintained per tenant

The platform does not support encrypting customer data with a key managed and provided by the customer.

 

File Sharing

The platform supports file sharing. Customers are allowed to upload and share their files via their Captive Portal.

File Sharing Capacity

The platform does not allow anonymous sharing of data. A valid customer account and a credit card might be required to share larger amounts of data.