Disaster Recovery and Business Continuity
Disaster Recovery Plan
IronWifi, as a SaaS application provider, developed and maintained a Disaster Recovery plan for its services. DR plan is validated for accuracy every six months.
Distributed Data Center
The whole infrastructure is hosted in Google Cloud. Data centers are geographically dispersed around the world.
All configuration and user data are backed up to Google Datastore. The backup data is distributed over many machines and using master-less synchronous replication over a wide geographic area.
Certifications and Compliance
IronWifi has implemented, maintains, and is continually improving the management systems according to standards ISO 9001:2009 and ISO 27001:2013.
Audit and Alert Capabilities
Infrastructure Status Reports
Infrastructure up-time / downtime is monitored using internal and external monitoring tools. Every information is logged and internally reported. We are not sharing this information with our customers.
Customers are notified about any software, hardware/data center change or upgrade if an impact is probable. This announcement is sent to the customers at least one week before the change or update.
Admin Audit Logs
All account administrator’s activities are logged for auditing purposes. The list of events can be provided to the customer when required.
User Audit Logs
All user activity is logged and made available in the form of authentication and accounting reports.
Data Access Logs
All data access events are logged, and reports can be provided to the customer when required.
Data Classification Capabilities
Data Classification Capability
The application allows classification of stored data in different security types – public (captive portal pages and shared files), confidential (configuration) and proprietary (source code)
Each classification is treated differently in terms of encryption and access control.
The customer has the copyright and ownership of the content uploaded to our portal. Customer owns data they produce or upload to the platform.
If the customer decides to leave the service, all data associated with the customer is automatically erased after 30 days. Log data is erased after the retention period of 6 months.
Download on Cancellation
If the customer leaves the service, he is allowed to download the data. Data will be available for download after contacting the support personnel.
Policy Enforcement and Access Control
Support for a role-based authentication/access
Application administrators can define multiple roles with different access permissions. These roles can be assign to team members. All roles are using the same authentication/access mechanisms.
Support for multi-factor authentication
The IronWifi platform does not require more than one authentication credential from the user.
SSO / AD Hooks
The application provides authentication via the OAuth protocol and optionally also via SAML 2.0. Other authentication protocols list OpenID, Facebook, Twitter, AD/LDAP, and LinkedIn are available only for Captive Portal users.
Granular Action Based Authorization Policies
An account administrator can add new members to the account. New members can have one of the following permissions assigned:
- Is Owner – can change account settings and manage team members
- Can edit – can change account settings
- Can read – can read all account settings and information
Support for device types
At this moment, we are no longer maintaining any native apps for iOS, Android, Windows Mobile, Blackberry or Desktop platform
Customers are allowed to provide a set of IP addresses so that only those IP addresses will be allowed to use the application.
Enforceable best practices for passwords
The application enforces best practices for passwords, requiring at least eight characters long passwords. The application does not define the frequency of change.
Data encryption at REST
The IronWifi console is using REST API, and all API calls are authorized with an OAuth access token. Data encryption is not enforced at the REST level.
Data encryption in transit
All information is protected using TLSv1.2 encryption algorithm during transfer (SSL).
Data maintained per tenant
The platform does not support encrypting customer data with a key managed and provided by the customer.
The platform supports file sharing facility. Customers are allowed to upload and share their files via their Captive Portal.
File Sharing Capacity
The platform does not allow anonymous sharing of data. A valid customer account and a credit card might be required to share a more massive amount of data.