Security
Published: · · Category: Internal
Security
Login and authentication is based on an integration of Azure Active Directory on the server side and Active Directory / Single Sign-On on the client side. This means that Proactima and UXRisk do not have access to user credentials, and the risk of leakage of usernames and passwords are strongly reduced compared to traditional web applications.

Confidentiality and integrity

The client uses encrypted communication (HTTPS) to authenticate and communicate with the server side.

The UWP app runs in a separate sandbox where Windows checks what it can do and prevents other programs from interfering.

Physical storage is in Azure public cloud, designed from scratch with information security as a top priority. In the UWP app all data is saved continuously / automatically to ensure minimal loss of data. Multi User Functionality is solved without checking in and out objects (similar to chat, facebook etc.).

 

Availability
UXRisk is a Self-Service Software as a Service (SaaS) available for download from Windows Store (https://uxrisk.com). Automatic updates ensure that users are running the latest version with the latest security updates installed. The server platform running on Microsoft Azure ensures that users can access their data from anywhere in the world, with excellent response, with no downtime (99.9%), given that the user has a working internet connection.

 

Personnel Safety and Risk Assessment
All developers are employed by Proactima and have been through a rigorous hiring process consisting of background check, interview and confidentiality agreement.

Our developers have high awareness of security issues. We have in cooperation with our developers conducted a risk assessment of UXRisk with regards to information security. Risk reduction measures are systematically being followed up and the risk assessment is regularly updated. In addition, we have conducted an independent external security review, and we have conducted penetration tests using professional hackers.