Application Security

Authentication

User accounts are password protected, and stored encrypted by default.

Alternatively, eXo Platform supports multiple authentication methods such as SAML2, Google, Microsoft5, and OpenID.

This way you can keep control of user-provisioning application access and password policies.

Access Privileges

eXo features are backed by a role based permissions system that can be fully customized and adapted to your organization.

Groups in your Enterprise User Directory (ActiveDirectory or LDAP) can be mapped to eXo in order to reflect your application access policies.

Data Leaks & Privacy

eXo can be integrated with Anti-malware to protect your users from manipulating unsecure content.

Data Leak Prevention feature lets you sensibilize users to the sensitivity of the documents exchanged and detect and stop potentially sensitive content leaks.

eXo does not require extensive personal data, making it easy to reach your data privacy goals (such as GDPR compliance)

Software Development Security

Security by Design

Our software engineers are security conscious, trained to apply state of the art secure design and coding guidelines (e.g OWASP).

Additionally, no single line of code is allowed to be pushed without a code review.

Our code uses only largely popular open source libraries that are frequently audited and patched by a large community of security researchers.

Code Audits

Our code repositories and binaries are automatically scanned for vulnerabilities that we assess and patch continuously.

Additionally, we regularly seek third-party security audits of code by specialized firms.

Advisories

Our security team actively monitors CVEs and other vulnerability repositories and applies patches proactively on systems and libraries on the systems we managed.

Our self-hosted customers are kept informed timely through our security advisories.

Infrastructure Security

Data Centers

eXo leverages leading cloud infrastructure providers (mainly Google and OVH) that are certified on industry standard of security compliance labels.

Our providers are global, allowing us to comply with data residency requirements in the US, in the EU and in dozens of other countries.

Data Protection

We backup your data daily and store the backups encrypted in a separate data center.

Data transmissions are encrypted end to end with TLK/SSL protocols.

Also, backup retention is deliberately short to avoid keeping your data more than necessary.

Deployment Model

Our most security-demanding clients opt for dedicated hosting to provide fully segregated resources or even choose the
certified trusted cloud (SecNumCloud).

We can offer interconnection with your internal IT systems through a secured link.

Self-hosting is also an option for companies requiring ultimate control of their IT operations.

System Security

Organisation

Your data is only accessible by a limited number of authorized and trained persons of our own staff.

We won’t access your data without your explicit permission for other reasons than customer service and data protection.

We have personnel with special security clearances allowing them to work in sensitive and regulated public or private contexts.

Network & Operations

Our production network is built on top of segregated VLANs networks and multiple firewall layers.

Data transferts are encrypted with TLS.

Our authorized operations personnel work on hardened workstations. Only them are able and connect to servers through VPNs and bastions with strong authentication mechanisms

Active Protection

All our systems are monitored for health and intrusion detection.

We use various server and infrastructure-level intrusion detection and defusing mechanisms to protect our systems.

Systems installations and upgrades are automated. Security updates installed automatically when available.

We regularly commission 3rd party audits for penetration tests on our hosted services platforms

Compliance Labels

  • ISO/IEC 27001
  • ISO 27017
  • ISO 27018
  • SOC 1, 2 & 3
  • FedRAMP
  • CSA
  • SecNumCloud
  • GDPR

Get your Digital Workplace

Ready to reach out?

Contact us
choice2-1-left-bottom choice2-1-right-top choice2-1-right-bottom