Formpipe.Cloud takes data security very seriously, building our platform around many security-focused features, taking the necessary steps to handle both platform and customer data security.
- Application Gateway
- Multi-Factor Authentication (MFA)
- Azure Service Endpoints
- End-to-End encryption
- HTTPS encryption
How do we prevent unauthorised access to the platform?
All web traffic to Formpipe cloud is routed through our Application Gateway. This is a separate entity to servers hosting applications and data, which protects them from malicious attacks and unauthorized access, with the added functionality to restrict access with IP whitelisting, greatly improving security.
Application Gateway has built in extensive monitoring and alerting tools to pick up on 'bad requests', and additional protection enabled with port scanning tools and DDoS protection.
Accounts on the platform are linked to the Formpipe domain and controlled by Multi-Factor authentication (MFA). Therefore, on our domain we can manage the access levels of the users and view who is accessing what resources.
How are data transfer channels protected?
We use Azure Service Endpoints which provide direct connectivity between services in Azure without connecting to a public IP address. On our standard subscription we use HTTPS protocols to encrypt data transfer channels.
- Application traffic uses end-to-end transport layer encryption and/or application-specific encryption mechanisms (e.g. message-level encryption when sending payloads over other communication channels).
- Data at rest is encrypted for Azure services and storage (Azure Blob Storage and Azure SQL).
- Environments have storage encryption applied and use Azure Key Vault to securely store encryption keys.
- Lasernet portal and Autoform DM are only accessible via HTTPS communication protocol.