Security

Oloid implements industry-leading security practices and conforms to the most stringent standards for data privacy to keep you protected and compliant. Oloid has a comprehensive approach to privacy & security. This includes a complete security program with secure development and testing; a secure and scalable infrastructure; and capabilities within the product that enhance security and give customers control over key security features.

Compliance

SOC 2 Type 2 audited

Oloid has successfully completed a Service Organization Controls 2 Type 2 audit with a third-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a service organization's controls with respect to security, availability, processing integrity, online privacy, and confidentiality. Audit reports are available to current and prospective customers.

Hosting Environment and Physical Security

The Oloid platform is hosted on highly available & secure public cloud infrastructure from Amazon Web Services (AWS) & Google Cloud Platform (GCP). Amazon & Google maintain high standards of security for their data centres. You can read further about AWS & GCP security here: https://aws.amazon.com/security/, https://cloud.google.com/security

Application Security

No consumer has access to the data of another. Authenticated sessions, which are necessary for any page access, are enforced on various tiers of the architecture. Session data is stored in cookies that do not contain any personally identifiable information about customers. During page access, no client ID is ever transferred or kept, preventing ID spoofing.

Network Security

The Oloid platform portal is only accessible over HTTPS. Traffic over HTTPS is encrypted and is protected from interception by unauthorized third parties. Oloid follows current best practices for security, including the use of strong encryption algorithms with a key length of at least 128 bits.

Oloid Workflow uses secure protocols for communication with third-party systems: usually HTTPS, but other protocols such as SFTP and FTPS are also supported. For the Oloid Workflow on-premises solution, Oloid requires the installation of an on-premises application behind the firewall, which communicates outbound to the Oloid Cloud platform.

Authentication

Clients log in to Oloid Platform & Oloid Workflow using a password that is known only to them. Password length, complexity, and expiration standards are enforced. Passwords are stored in AWS Secrets Manager, which provides strong encryption. Access to these secrets is managed by fine-grained AWS Identity and Access Management (IAM) policies.

Oloid Platform & Oloid Workflow support automatic session logout after a period of time. Enterprises can set the appropriate timeout period according to their security needs.

When Oloid Workflow flows connect to remote systems using user-supplied credentials, where possible this is done using OAuth2, and in those cases, no credentials need to be stored in the Oloid Workflow system. However, if a remote system requires credentials to be stored, they are also stored in AWS Secrets Manager, which provides strong encryption.

Vulnerability and Penetration Testing

Oloid conducts regular internal vulnerability testing. Oloid also engages a qualified third party to conduct a regular platform-level vulnerability and penetration test. The results are analysed and vulnerabilities are addressed based on risk and severity.
