Tensoft takes security seriously, especially when it comes to our customers’ data. This Cybersecurity Awareness Month, we would like to share some of the best practices that Tensoft has adopted to ensure a stable and secure environment for our applications and our customers’ data. All the Tensoft applications – SemiOps and DemandOps – are in the cloud, so the emphasis is on secure configuration of cloud infrastructure and proactive management of systems and databases.
- Strong Emphasis on Systems and Data Security
Tensoft has adopted a very proactive approach and is taking measures to eliminate any vulnerabilities. We have two teams working on the Annual Penetration Tests – an independent external third-party security company that alerts us to any exposures, and a dedicated division of Connectria that looks at internal security.
We hold monthly security meetings with our platform team to review potential exposures. Tools are in place to run multiple scans of all critical servers to ensure security patches are kept up to date. We have planned monthly security update windows for patches that need server restarts, to minimize customer impact. Automated alerts fire when critical resource thresholds are exceeded.
- Proactive Database Administration
To make sure all our databases are administered in an organized and robust way, we meet monthly with our database administration team. We maintain close oversight to ensure all backups are occurring as intended, and we are aware of the retention policies, including offsite storage. We continuously monitor the performance of the databases, including the indexes, in order to provide fast responses to front-end users. There is proactive planning for new database versions and upgrades.
- Formal Change Management Process
Over the last year, we have introduced a much better change management process. To make significant changes such as software upgrades, hot fixes, and database changes, users need to log in as a Power user and submit a formal ticket. Our platform team provides automated elevated monitoring of all tasks performed.
- Minimize External Exposures
Tensoft applications use APIs for external integration and reporting, and also for internal system updates. We have made sure that the application programming interfaces (APIs) used only for Tensoft system-to-system updates are not exposed to the external Internet. Only the APIs that require external access (such as those for reporting or use with Power BI) are outward facing. These externally facing APIs are thoroughly tested in the penetration tests to ensure there are no inadvertent vulnerabilities.
- Formal Active Directory, Database, and Application Security Model
We have an organized methodology and tight control of Active Directory objects and system administrator access. There are no unnecessary database or SQL access levels.
Along with these security measures, Tensoft applications like SemiOps and DemandOps have security/audit modules that allow customer admins to view all the system users and see the changes made by them.