More than 20 thousand users confide us to run their businesses. Nothing is more important to our company than the privacy of our customers’ data and their business safety. Our security, privacy, and compliance policies are built on the experience gained and our staff professionalism.
UNOVI provides products and services to thousands of customers worldwide. Our software helps to solve their day to day tasks and business problems. Helps them to automate business workload and decrease running costs. Security is a key concern we pay attention to. We take into account all of the security aspects that may influence our customer’s data. We shield our clients in the sphere of data security, operational security, authorisation and authentication security and physical security. This page covers all topics related to customer and software security.
Our security strategy involves the listed below activities but not limited to:
- Authentication and Login Control
- Product Security
- Data Safety
- Issue Management
- In Service Security
- Customer Shield Oversight
Authentication and Login Control
At UNOVI, we’re always thinking of ways to better protect our customers and keep their data secure. That’s why we require customers to enable multi-factor authentication (MFA) in order to access UNOVI products. It provides an extra layer of security by demanding an additional verification that the user must possess, in addition to the password. This can greatly reduce the risk of unauthorized access if a user’s password is compromised. You can configure multi-factor authentication using UNOVI U-Auth.
Currently, we also provide even stronger authentication modes like Biometric Touch ID or Face ID, Push Notification, QR Code Authentication, National ID Card Identification, and Time-based OTP. We also support different hardware such as Security Key, Tokens, Code Calculators for multi-factor authentication.
All our products are secure by design, where every change and feature in our products goes through secure coding guidelines, code analyzer tools, vulnerability scanners, and manual review processes. Our robust security framework based on OWASP standards, implemented in the application layer, provides functionalities to mitigate threats. Our employees think “security first” and we incorporate security into our entire software development process.
Our framework ensures that each customer’s data is logically separated from other customers’ data. Segregated client’s data hosting and geographically separated servers help to maintain your data and keep safety on the highest ever possible level. We use end-to-end encryption, so no one in the world can get your data, not even us. Furthermore, we provide encryption at rest as well as in transit to protect our customers’ data. Data retention and backup happens in a secure manner.
Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). The data that is encrypted at rest varies with the services you opt for. We own and maintain the keys using our in-house Key Management Service (KMS). We provide additional layers of security by encrypting the data encryption keys using master keys. The master keys and data encryption keys are physically separated and stored in different servers with limited access.
UNOVI takes security issues very seriously and are committed to protecting our users’ data and private information. If you believe you’ve found a security issue or vulnerability, please contact the UNOVI Security team: firstname.lastname@example.org .
If you’d like to report spam or phishing, contact us at email@example.com .
If you are a security researcher and would like to submit your vulnerability report to our Bug Gratuity program, please send the report with all the relevant details to firstname.lastname@example.org .
Security issues or vulnerabilities may include:
- XSS attack
- CSRF attack
- SQL injection vulnerability
- DNS hijacking
- Session vulnerability
- Unsecured API
- Authentication spoofing
- Other vulnerabilities
Please contact the relevant teams for other issues regarding:
- Copyright infringement
As a leading software-as-a-service and platform-as-a-service provider, Salesforce is committed to setting the standard in safeguarding our environment and customers’ data. Partner with us by reporting any security concerns email@example.com
In Service Security
We monitor and analyse information gathered from services, internal traffic in our network, and usage of devices and terminals. We record this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are automatically monitored and analysed to a reasonable extent that helps us identify anomalies such as unusual activity in employees’ accounts or attempts to access customer data. We store these logs in a secure server isolated from full system access, to manage access control centrally and ensure availability.
Real-Time Event Monitoring
Real-Time Cyber Watch helps us monitor, detect and prevent any safety issues and events in UNOVI in near real-time. We can store the event log data for auditing or reporting purposes. We provide threats monitoring different levels which applying depend on user behavior and other factors we take into account. With Real-Time Cyber Watch, we may gain greater insights into:
- Who viewed what data and when
- Where data was accessed
- When a user changes a record using the UI
- Who is logging in and from where
- Who in your org is performing actions related to Platform Encryption administration
- Which admins logged in as another user and the actions the admin took as that user
- How long it takes a UNOVI page to load
- What hardware you use and how
- Threats detected in your org, such as anomalies in how users view or export data, reports, session hijacking attacks, or credential stuffing attacks
- User behavior patterns