How secure is Navvia?

Application Security

Our Navvia application has been architected from the ground up to be safe and secure:

  • No use of Open Source software
  • Build on the latest versions of Microsoft IIS, Microsoft SQL and Microsoft .NET
  • Use of secure sockets, port 443 with a Security certificate issued by Network Solutions
  • AES-256 encryption for all data communications
  • All other server ports are locked down with the exception of port 3389 which is protected by IP address filtering and 2-factor authentication
  • Support for complex passwords
  • Ability to restrict user access by IP address
  • Support for Single Sign On (SAML 2.0)

 

Physical Security

We house the application at a world-class datacenter:

  • 24×7 onsite security staff
  • Video surveillance
  • Biometric security
  • Physical access controls
  • Advanced fire detection and suppression systems
  • 24 X 7 network and system monitoring
  • Firewalls, DMZ and intrusion detection and prevention systems
  • Backup air conditioning and power systems including generators
  • Automated “disk to disk” offsite backups (encrypted)

 

Penetration Testing

  • Navvia conducts a semi-annual penetration test of the production system. Navvia support staff reviews results of the test and any identified issues are prioritized and remediated as quickly as possible based on the impact and urgency of the issue.
  • The test is performed by IPS (www.ipsnetworks.com). Founded in 2001, IPS is a national leader in information security, compliance and managed services. IPS uses best of breed network and security products combined with industry-leading security practice methodologies to provide protection from today’s dynamic security threats.
  • Clients are permitted to conduct their own penetration test of the Navvia software. These tests must be scheduled with Navvia and are conducted at the client’s expense. To schedule a test please contact support @ navvia.com.

• Posted by Chief Navvian on Oct 31, 2015
• Filed under

Share this post