Assette’s client portal is built on a secure, cloud-based infrastructure leveraging Microsoft Azure services. This article provides a detailed overview of the security framework and hosting environment implemented to safeguard your data and ensure reliable access to the client portal.
Hosting and Security Framework
The Assette client portal is hosted within our standard virtual network (vNet) on Microsoft Azure. It inherits the same robust security framework that is applied across the entire Assette platform. However, certain authentication mechanisms, such as multi-factor authentication, may vary based on client-specific configurations.
Key Security Features
Network Access
- Restricted Public Access: Public access to the client portal is disabled.
- Secure Entry Points: Access is only available via Azure Front Door, which ensures secure and scalable ingress.
Firewall Protection
- The portal is protected using Azure Web Application Firewall (WAF) and Intrusion Prevention System (IPS) to detect and block malicious traffic.
Data Encryption
- In Transit: All data exchanged between users and the portal is encrypted using TLS/HTTPS protocols.
- At Rest: Data is encrypted using Azure Transparent Data Encryption (TDE). Additionally, SQL Server Always Encrypted is implemented to protect all personally identifiable information (PII).
Key and Certificate Management
- Azure Key Vault is used to securely manage all cryptographic keys and certificates.
Monitoring and Threat Detection
- The portal is monitored using a comprehensive security stack, which includes:
  - Azure Monitor
  - Microsoft Defender for Cloud
  - Azure Sentinel
Data Backup and Redundancy
- Point-in-Time Restore (PITR): Regular backups allow for restoration to any point within the retention period.
- Geographic Redundancy: Backups are distributed across U.S. East and U.S. West Azure regions to support high availability and disaster recovery capabilities.
Annual Penetration Testing
- External penetration testing is conducted annually to independently evaluate and validate the security posture of the client portal.