In addition to its advanced access control and user authentication mechanisms, RunMyProcess DigitalSuite employs a variety of means and procedures to protect its customers' data.
Protection of Server and Storage Systems
The server and storage systems of DigitalSuite are hosted in data centers operated by Amazon Web Services (AWS). They make full use of the security and protection mechanisms AWS provides, including firewalls, deployment across multiple availability zones for 24/7 availability, replication and redundancy, and backup and recovery.
Only a strictly limited subset of RunMyProcess personnel can access the server and storage systems and the logs related to them. All such access goes through a VPN and is authenticated with PKI certificates. Local access to all systems is disabled.
Multi-Tenancy and Data Segregation
DigitalSuite is a multi-tenant cloud platform built from the ground up to keep customer data private while enabling the benefits of a shared technical and operational environment. Every customer's data and applications are segregated and compartmentalized so that they are available only to authorized users within that customer's organization.
The data segregation is achieved by software and storage mechanisms.
- Software: User authentication and authorization mechanisms ensure that customers cannot access data that does not belong to their account.
- Storage: Each customer's data is stored in separate MongoDB databases (collections), in logical MySQL database partitions (account configuration data), or in separate AWS S3 folders (application and process definitions, raw process execution data). Every access to these stores is authorized against the requesting account, so no customer can see another customer's data.
RunMyProcess personnel do not have access to customer environments during normal operation. For support purposes, however, customers can grant access to an explicitly named RunMyProcess support team member for a defined amount of time.
In order to ensure high protection of customer data, the following encryption mechanisms are in place:
- Specific data at rest (e.g. uploaded files, collections) is encrypted with AES using 256-bit keys in CBC mode with PKCS#5 padding (the Java cipher transformation AES/CBC/PKCS5Padding). AES is a symmetric cipher: the same 256-bit key is used to encrypt and to decrypt.
- Application configurations, process definitions, and process data at rest are encrypted with customer-specific 256-bit AES keys, using the same AES/CBC/PKCS5Padding transformation.
- Passwords are not stored in clear; they are hashed with SHA-256 and only the hash is kept. Passwords must be at least 8 characters long.
In addition to these general capabilities, DigitalSuite provides APIs which enable customers to implement their own encryption on data they handle within the platform.
The communication between browsers and the DigitalSuite platform uses HTTPS, i.e. Transport Layer Security (TLS) with 128-bit cipher suites, and supports the Server Name Indication (SNI) extension. All connections require authentication and authorization, and all user operations are recorded, including the client IP address and other session details.
For the communication between the platform and external systems, the following secure protocols are supported: HTTPS, SMTPS, SFTP, FTPS, FTPES, CoAPS, and MQTT over TLS. All TLS-based connections use 2048-bit certificate keys (SFTP runs over SSH rather than TLS).
With DigitalSuite EnterpriseConnect (DSEC), the platform enables secure access to on-premise resources on enterprise systems behind firewalls. The participating systems communicate over secure WebSocket connections (wss://), that is, WebSocket over HTTPS with TLS 1.2.
DigitalSuite maintains customer-specific logs for various events, such as the execution of processes or calls to APIs. Most important for audit and security purposes is the recording of every user access to the platform: the user login, timestamp, location, and a description of each action undertaken. Only the customer's administrators and a strictly limited subset of RunMyProcess personnel can access these logs, and only over secured connections.
Customers can create additional logs for their own purposes during process execution. These logs are accessible only to the customer, through the provided APIs.
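As an added example, not code from RunMyProcess and not the platform's actual log format, here is the kind of review an administrator can run over access records carrying the four fields the page lists (user login, timestamp, location, action): it flags a user whose consecutive logins come from different locations closer together than a chosen window, then lists what that user did afterwards. The record shape and the sample entries are constructed for this example; a real export would be mapped into that shape first.

```javascript
// Added example (not RunMyProcess code). Record shape is an assumption:
// { user, timestamp (ISO 8601), location, action }.
// Sample audit entries, constructed for this example.
const SAMPLE_AUDIT_LOG = [
  { user: 'alice', timestamp: '2024-03-01T08:00:00Z', location: 'Paris, FR',  action: 'login' },
  { user: 'alice', timestamp: '2024-03-01T08:05:00Z', location: 'Paris, FR',  action: 'process.start id=42' },
  { user: 'alice', timestamp: '2024-03-01T08:40:00Z', location: 'Tokyo, JP',  action: 'login' },
  { user: 'alice', timestamp: '2024-03-01T08:41:00Z', location: 'Tokyo, JP',  action: 'api.call /metadata' },
  { user: 'bob',   timestamp: '2024-03-01T09:00:00Z', location: 'Berlin, DE', action: 'login' },
  { user: 'bob',   timestamp: '2024-03-01T17:30:00Z', location: 'Munich, DE', action: 'login' },
];

// Return one finding per pair of consecutive logins by the same user that
// come from different locations less than `windowMinutes` apart.
function findLocationChanges(records, windowMinutes = 60) {
  const loginsByUser = new Map();
  for (const r of records) {
    if (r.action !== 'login') continue;
    if (!loginsByUser.has(r.user)) loginsByUser.set(r.user, []);
    loginsByUser.get(r.user).push(r);
  }
  const findings = [];
  for (const [user, logins] of loginsByUser) {
    logins.sort((a, b) => Date.parse(a.timestamp) - Date.parse(b.timestamp));
    for (let i = 1; i < logins.length; i++) {
      const prev = logins[i - 1];
      const cur = logins[i];
      const minutesApart = (Date.parse(cur.timestamp) - Date.parse(prev.timestamp)) / 60000;
      if (prev.location !== cur.location && minutesApart < windowMinutes) {
        findings.push({ user, from: prev.location, to: cur.location, at: cur.timestamp, minutesApart });
      }
    }
  }
  return findings;
}

// Everything `user` did from `sinceIso` onwards, for the reviewer to inspect.
function actionsSince(records, user, sinceIso) {
  const since = Date.parse(sinceIso);
  return records
    .filter((r) => r.user === user && Date.parse(r.timestamp) >= since)
    .map((r) => r.action);
}

// Usage:
for (const f of findLocationChanges(SAMPLE_AUDIT_LOG)) {
  console.log(`${f.user}: ${f.from} -> ${f.to} within ${f.minutesApart} min`);
  console.log('  subsequent actions:', actionsSince(SAMPLE_AUDIT_LOG, f.user, f.at));
}
```

Bob's two logins are eight and a half hours apart and are not flagged with the default 60-minute window; tighten or widen the window to match how your users actually move between sites.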
Production data is kept without any time limit as long as a customer's contract is in force.
Immediate access to test and acceptance data is guaranteed for two months; older test and acceptance data may be deleted without notice.