Application Security
Authentication
User accounts are password protected, and stored encrypted by default.
Alternatively, eXo Platform supports multiple authentication methods such as SAML2, Google, Microsoft5, and OpenID.
This way you can keep control of user-provisioning application access and password policies.
Access Privileges
eXo features are backed by a role based permissions system that can be fully customized and adapted to your organization.
Groups in your Enterprise User Directory (ActiveDirectory or LDAP) can be mapped to eXo in order to reflect your application access policies.
Data Leaks & Privacy
eXo can be integrated with anti-malware to protect your users from handling insecure content.
The Data Leak Prevention feature lets you make users aware of the sensitivity of the documents exchanged, and detect and stop potentially sensitive content leaks.
eXo does not require extensive personal data, making it easy to reach your data privacy goals (such as GDPR compliance).
Software Development Security
Security by Design
Our software engineers are security conscious and trained to apply state-of-the-art secure design and coding guidelines (e.g. OWASP).
Additionally, not a single line of code may be pushed without a code review.
Our code uses only widely popular open source libraries that are frequently audited and patched by a large community of security researchers.
Code Audits
Our code repositories and binaries are automatically scanned for vulnerabilities that we assess and patch continuously.
Additionally, we regularly seek third-party security audits of code by specialized firms.
Advisories
Our security team actively monitors CVEs and other vulnerability repositories and proactively applies patches to the systems and libraries we manage.
Our self-hosted customers are kept informed in a timely manner through our security advisories.
Infrastructure Security
Data Centers
eXo leverages leading cloud infrastructure providers (mainly Google and OVH) that are certified against industry-standard security compliance labels.
Our providers are global, allowing us to comply with data residency requirements in the US, in the EU and in dozens of other countries.
Data Protection
We back up your data daily and store the backups encrypted in a separate data center.
Data transmissions are encrypted end to end with TLS/SSL protocols.
Also, backup retention is deliberately short to avoid keeping your data longer than necessary.
Deployment Model
Our most security-demanding clients opt for dedicated hosting to provide fully segregated resources or even choose the certified trusted cloud (SecNumCloud).
We can offer interconnection with your internal IT systems through a secured link.
Self-hosting is also an option for companies requiring ultimate control of their IT operations.
System Security
Organisation
Your data is accessible only to a limited number of authorized and trained members of our own staff.
We won’t access your data without your explicit permission for reasons other than customer service and data protection.
We have personnel with special security clearances allowing them to work in sensitive and regulated public or private contexts.
Network & Operations
Our production network is built on top of segregated VLAN networks and multiple firewall layers.
Data transfers are encrypted with TLS.
Our authorized operations personnel work on hardened workstations. Only they are able to connect to servers, through VPNs and bastions with strong authentication mechanisms.
Active Protection
All our systems are monitored for health and intrusion detection.
We use various server and infrastructure-level intrusion detection and defusing mechanisms to protect our systems.
System installations and upgrades are automated. Security updates are installed automatically when available.
We regularly commission third-party audits for penetration tests on our hosted services platforms.
Compliance Labels
- ISO/IEC 27001
- ISO 27017
- ISO 27018
- SOC 1, 2 & 3
- FedRAMP
- CSA
- Secure Cloud
- GDPR