
Security

Security of the Appsuite product suite is critical to us because it is critical to our customers. This page gives high-level details on the security aspects of Appsuite.

Datasert has been developing products for Salesforce since 2010, starting with Realfire. With Appsuite, and Datasert Apps in general, security is considered a feature and is thought out before, during, and after product development.

Here are the security practices we follow to ensure that the information you entrust to us as part of application usage is handled with the care and diligence it deserves.

Employees Security

Datasert uses enterprise SSO with MFA for all of its employees so that we have a single gateway through which to control employee access.

Coding Practices

We use GitHub/GitLab as our preferred source code repository vendors. Each code commit into a version that goes to production is peer reviewed for the following things.

  • The code does not log any sensitive information, including credentials, PII, and customer data
  • The commit does not include any access keys or system passwords hard-coded in plain text
  • The code clears sensitive information from memory immediately after it is used to establish the necessary connection
  • All access points ensure that access is authenticated and has appropriate authorization (including appropriate service and data access)

Cloud Platform Secure Practices

Datasert uses AWS as its preferred platform vendor and leverages various security tools and practices that come with the platform.

For example:

  • We use CloudFormation for all infrastructure/code deployment

    This ensures that there is no manual intervention in deploying code, which would introduce risk.

  • Separate AWS Accounts for the Production Environment

    We use a separate account for each environment, including Production. This helps control access to an environment on an as-needed basis.

  • AWS KMS Keys

    We encrypt all sensitive data using KMS keys. We use separate keys for encrypting internal sensitive data and customer sensitive data.

  • AWS Secrets Manager

    AWS Secrets Manager is a managed service that allows application developers to store application secrets.

  • IAM Roles/Policies for All Personnel with the Least Privilege Model

    All employees who access the production environment are given separate roles with access to only specific resources.

Customer Credentials

Customer credentials deserve to be treated with an additional security layer compared to all other data, due to their nature. This includes any passwords customers provide as part of Connection setup, OAuth access tokens, secret keys, etc.

Datasert uses AES symmetric encryption to encrypt secrets with multiple encryption key factors.

  • Code Factor: All secrets are encrypted using a key that is part of the code.

  • Environment Factor: When an environment is provisioned, we assign a unique and random string to it. This environment key is persisted in AWS Secrets Manager.

  • Tenant Factor: Every customer in the product suite (be it single-tenant or multi-tenant) gets their own random key that is provisioned automatically by the system and persisted in AWS Secrets Manager.

  • Persistence Factor: AWS Secrets Manager itself encrypts the data before writing it to persistent media.

This defence-in-depth approach enables us to ensure that secrets are properly managed, and even if one factor fails, the other factors keep the information secure.
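One way the code, environment and tenant factors above could feed a single AES key, shown as an added example that is not Datasert's code. It assumes HKDF-SHA256 for combining the factors and AES-256-GCM as the AES mode; the factor values, function names and blob layout are constructed for illustration.

```javascript
const { hkdfSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Constructed stand-in for the key that ships inside the code (code factor).
const CODE_FACTOR = Buffer.from('constructed-code-factor-not-a-real-key');

// Length-prefix each factor so ("ab","c") and ("a","bc") cannot collide.
function frame(buf) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(buf.length);
  return Buffer.concat([len, buf]);
}

// Assumption: the factors are combined with HKDF-SHA256 into one AES-256 key.
// Changing any single factor yields an unrelated key.
function deriveTenantKey(codeFactor, envFactor, tenantFactor, tenantId) {
  const ikm = Buffer.concat([codeFactor, envFactor, tenantFactor].map(frame));
  return Buffer.from(hkdfSync('sha256', ikm, Buffer.alloc(0), `tenant:${tenantId}`, 32));
}

// AES-256-GCM with the tenant id bound as associated data.
// Output layout (hypothetical): 12-byte IV | 16-byte tag | ciphertext.
function encryptSecret(key, plaintext, tenantId) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Throws if the key, tenant id or ciphertext does not match.
function decryptSecret(key, blob, tenantId) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(tenantId));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed factors; in the design above these two live in AWS Secrets Manager,
// which adds the persistence factor by encrypting them at rest.
const envFactor = randomBytes(32);
const tenantFactor = randomBytes(32);
const key = deriveTenantKey(CODE_FACTOR, envFactor, tenantFactor, 'tenant-a');
const blob = encryptSecret(key, 'constructed-oauth-token', 'tenant-a');
console.log(decryptSecret(key, blob, 'tenant-a'));
```

Because all three factors enter the derivation, a stored secret cannot be decrypted with a leaked tenant key alone, and a blob copied between tenants fails authentication.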

On-premise Deployment

Customers who are looking for complete control of data/deployment, to ensure a digital chain of custody and meet stringent security standards, can opt to install the solution into their own AWS account. With this mode of deployment, the customer gets to define and enforce the security posture of the application and at the same time benefit from the solution and its capabilities.

Many of our biggest customers choose this mode of deployment. We can provide references upon request.