Technical specifications

 
 
shutterstock_514812787.jpg

Ownership of Data

All data entered into IRIS is owned by the organization who has purchased the specific IRIS account. Further details are available in section 3 of IRIS’s Terms and Agreements available when an account is created.

Database

  • SQL Server

  • Encrypted at the storage level


Cloud Provider

IRIS is hosted on a market-leading hosting provider, with state-of-the-art data centers.

Software

  • .net

Security Reports

Sunexo Inc can provide SOC 2 Type 2 and SOC 3 Type 2 reports from our hosting partner on request.


Password Policy

Sunexo uses a complex password policy which is enforced through the actual platform itself.

The policy

  • Password must be minimum 8 and maximum 25 characters long.

  • Password must have at least three of the following type characters:

    • Lowercase letters

    • Uppercase letters

    • Numbers

    • Special Characters

• You cannot use your previous password again.



Encryption

In today’s world, security should be a deciding factor when choosing a cloud vendor. Sunexo Inc takes security and privacy seriously. Encryption in transit and at rest are central components of our security strategy which help to ensure data can only be accessed by authorized services within our Cloud Platforms.

Encryption is the process of encoding information in a way that only authorized entities can access it in a decipherable way. The method of encrypting the information typically uses a publicly available algorithm but relies on a key which is kept private to encrypt the information. To decrypt the information back to a decipherable format, the private key will be required. This means that even if someone were to gain access to the encrypted information, they will not be able to understand it without access and use of the private key.

The Sunexo platform uses two major types of encryption; “At Rest” and “In Transit”. The encryption “At Rest” can be further divided into two sub types; encryption at the storage level and encryption at the database.

Encryption at Rest

Encryption of data stored at rest is an important part of a broader data security strategy. Encryption helps ensure that if data is somehow obtained in an unauthorized fashion, the person will not be able to access the data without also having access to the encryption keys. This means that even if someone obtains the storage devices upon which the Sunexo platform sits, they will not be able to decrypt the data on the storage devices. Additionally, Encryption is an important part of how Sunexo Inc helps ensure the privacy of customer data while still allowing our engineers to maintain and support all infrastructure, while providing a built-in mechanism to protect access to customer content.

Each chunk of customer data is encrypted prior to being written to the storage system and then is distributed across the storage system in chunks. An unauthorized user would need to have access to not only all chunks that make us the data they want to access, but also the encryption key(s) corresponding to that encrypted data. The encryption keys are protected by controls that ensure data access is granted by authorized roles at authorized points-in-time. This further helps prevent unauthorized access to data, increasing data security and privacy. Data is encrypted using Advanced Encryption Standard 256-bit (AES-256). This encryption standard is the only publicly accessible encryption cipher approved by the National Security Agency (NSA) for top-secret information and is often included as part of customer compliance requirements. In the Sunexo Inc Cloud Platform, the AES-256 encryption is implemented at the storage system layer in a cipher mode of XTS-plain64, using a hash algorithm of sha256, and key size of 512-bits with half of the bits used for the cipher key and the other half used for the XTS key. In addition to the storage system level encryption described above, data is also encrypted at the storage device level, AES-256 for solid state drives, using a separate device-level key, which is different than the key used for encryption at the storage system layer.

Encryption in Transit

As you use a cloud solution using a web browser as you do with the Sunexo cloud platform, data is being sent between your browser on your device, be that a desktop computer, smartphone or tablet, and the Sunexo cloud server. This data transmission is what is known as data in transit and is vulnerable to people tapping into the transmission and gathering data. To combat this behavior Sunexo uses encryption in transit methods.

Sunexo uses SSL between your device and the Sunexo Server and utilizes certificates to exchange public keys.



Additional Questions

Please contact us: inquiry@sunexoinc.com.