Formpipe.cloud takes data security very seriously, architecting our platform around many security-focused features, taking the necessary steps to handle both platform and customer data security.
- Public IP restriction
- Multi-Factor Authentication (MFA)
- Azure Private Links
- End-to-End encryption
- HTTPS encryption
How do we prevent unauthorised access to the platform?
Formpipe. cloud is never accessible through public internet-facing access points and in the case that public access is required it is locked to the IP address that will be using the resource.
Access to the platform is restricted and is only accessible for a limited time, only to perform the necessary tasks and then removes authorisation to the accessed resource. We can therefore isolate the platform to only be used when required, only for that period of time and purpose.
Accounts on the platform are linked to the Formpipe domain and controlled by Multi-Factor authentication (MFA). Therefore, on our domain we can manage the access levels of the users and view who is accessing what resources.
How are data transfer channels protected?
We use Azure Private Links to connect resources in Azure to avoid internet access on our premium subscriptions. This creates a dedicated endpoint for which traffic is guaranteed to only traverse the Azure network and not leave its boundaries. On our standard subscription we use HTTPS protocols to encrypt data transfer channels.
- Application traffic uses end-to-end transport layer encryption and/or application-specific encryption mechanisms (e.g. message-level encryption when sending payloads over other communication channels).
- Data at rest is encrypted for Azure services and storage (Azure Blob Storage and Azure SQL).
- Environments have storage encryption applied and use Azure Key Vault to securely store encryption keys.
- Lasernet portal and Autoform DM are only accessible via HTTPS communication protocol.