Shireburn

All Indigo data is stored electronically in an SQL Azure database in Netherlands, &nbsp;hosted on the Microsoft Azure Platform and is replicated to a secondary server in Ireland. Storage files such as attachments are kept on an Azure File Storage account in Netherlands and geo replicated to another server in Ireland.&nbsp;

We use SQL Azure Database replication to keep your data safe in the case of system failure. We also keep a point in time recovery backup for the last thirty five days.&nbsp;

Application is hosted as a platform using Azure Application Services and there is no access via remote desktop to the machines

All data sent to Indigo is encrypted in transit. Our API and application endpoints are TLS/SSL only and score an "A" rating on <a href="https://www.ssllabs.com/ssltest/analyze.html?d=indigo.shireburn.com" rel="nofollow noopener noreferrer" target="_blank">SSL Labs' tests</a>

Implemented all security headers to block any click jacking and XSS attacks with a rating of "A" on <a href="https://securityheaders.io/?q=indigo.shireburn.com&amp;followRedirects=on" rel="nofollow noopener noreferrer" target="_blank">securityheaders.io</a>

Tinfoil Security for constant scanning of vulnerabilities [In Progress]

Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.

Database Firewall - Only IP’s of the App Server &amp; Shireburn IP Addresses (Only authorised Shireburn personnel which require such access to perform their job efficiently are given access) are white listed.&nbsp;

We also use <a href="https://msdn.microsoft.com/en-us/library/bb934049.aspx" rel="nofollow noopener noreferrer" target="_blank">Transparent data encryption</a> which protects data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. This encryption is transparent to the application, and uses hardware acceleration to improve performance. 

- Application is hosted as a platform using Azure Application Services and there is no access via remote desktop to the machines
- All data sent to Indigo is encrypted in transit. Our API and application endpoints are TLS/SSL only and score an "A" rating on <a href="https://www.ssllabs.com/ssltest/analyze.html?d=indigo.shireburn.com" rel="nofollow noopener noreferrer" target="_blank">SSL Labs' tests</a>
- Implemented all security headers to block any click jacking and XSS attacks with a rating of "A" on <a href="https://securityheaders.io/?q=indigo.shireburn.com&amp;followRedirects=on" rel="nofollow noopener noreferrer" target="_blank">securityheaders.io</a>
- Tinfoil Security for constant scanning of vulnerabilities [In Progress]
- Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.
- Database Firewall - Only IP’s of the App Server &amp; Shireburn IP Addresses (Only authorised Shireburn personnel which require such access to perform their job efficiently are given access) are white listed. 
- We also use <a href="https://msdn.microsoft.com/en-us/library/bb934049.aspx" rel="nofollow noopener noreferrer" target="_blank">Transparent data encryption</a> which protects data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. This encryption is transparent to the application, and uses hardware acceleration to improve performance. 

We use <a href="https://docs.microsoft.com/azure/sql-database/sql-database-auditing-get-started" rel="nofollow noopener noreferrer" target="_blank">Auditing for SQL Database</a> and <a href="https://msdn.microsoft.com/library/cc280386.aspx" rel="nofollow noopener noreferrer" target="_blank">SQL Server audit</a> to track database events and write them to an audit log. Auditing enables us to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations.

We also use <a href="https://docs.microsoft.com/azure/sql-database/sql-database-threat-detection-get-started" rel="nofollow noopener noreferrer" target="_blank">SQL Database Threat Detection</a> to detect anomalous database activities indicating potential security threats to the database. Threat Detection uses an advanced set of algorithms to continuously learn and profile application behavior, and notifies immediately upon detection of an unusual or suspicious activity. Threat Detection can help you meet the data breach notification requirement of the GDPR.

- We use <a href="https://docs.microsoft.com/azure/sql-database/sql-database-auditing-get-started" rel="nofollow noopener noreferrer" target="_blank">Auditing for SQL Database</a> and <a href="https://msdn.microsoft.com/library/cc280386.aspx" rel="nofollow noopener noreferrer" target="_blank">SQL Server audit</a> to track database events and write them to an audit log. Auditing enables us to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations.
- We also use <a href="https://docs.microsoft.com/azure/sql-database/sql-database-threat-detection-get-started" rel="nofollow noopener noreferrer" target="_blank">SQL Database Threat Detection</a> to detect anomalous database activities indicating potential security threats to the database. Threat Detection uses an advanced set of algorithms to continuously learn and profile application behavior, and notifies immediately upon detection of an unusual or suspicious activity. Threat Detection can help you meet the data breach notification requirement of the GDPR.

Data storage

Data access and backup

Data Collection & Transmission

Auditing & Threat Detection