Your security is very important to us! Here's a rundown of what we do every day to keep your data safe, and ensure that we apply best practices on our SaaS platform.
Backups / Disaster recovery
Backups
Customer data is the focus of Madiasoft teams' attention. To ensure data integrity and availability, Madiasoft operates a high-performance, redundant backup system.
Backup infrastructure is not located in the same region (i.e. the same datacenter) as production systems. This arrangement guarantees optimum availability and integrity, while meeting our RTO and RPO requirements.
Backup frequency and retention time are as follows:
- Customer files stored by Kafinea: Daily backup, 100-day retention period
- Kafinea customer database: Daily backup, 7-day retention
Disaster recovery
- RPO: Recovery Point Objective
For Kafinea, the default is 24 hours.
- RTO: Recovery Time Objective
As standard, Madiasoft does not define an RTO for Kafinea.
However, in the event of a serious incident resulting in a prolonged interruption of service for a given customer, Madiasoft undertakes to restore the Kafinea service within 48 hours, based on the most appropriate backup.
Database security
- Customer data is stored in a dedicated database - no data sharing between customers.
- Data access control rules implement complete isolation between client databases running on the same cluster, with no access possible from one database to another.
Password security
Each Kafinea user is authenticated by a unique identifier and a strong password. The addition of a second authentication factor is strongly encouraged and will soon be mandatory.
User passwords are not stored unencrypted in the Madiasoft information system.
The default rule across our perimeters is to use non-reversible (one-way) hash functions based on secure algorithms.
System security
A hardening policy designed to secure operating systems has been implemented. The aim is to reduce the possible attack surface by deactivating or removing non-essential objects (services, applications, functionalities, etc.). This involves implementing special security options and keeping software up to date.
Hardening operations on server operating systems cover:
- Update
- Account strategy
- User and network rights
- Logging
- Malware protection
- Service role and functionality
- User area
- Disk space
Security of banking information
- We never store credit card information on our own systems.
- Your credit card information is always transmitted securely directly between you and our PCI-compliant payment acquirers.
Application design security
Madiasoft has put in place an approach aimed at integrating security throughout the lifecycle of the applications it develops. This approach is based on OWASP recommendations.
Data encryption
Data transfer over public networks
Data transfers over public networks are encrypted using secure protocols (HTTPS, TLS, SFTP, SSH, etc.).
Certificates
In order to guarantee the highest level of security, the HTTPS certificates used by Kafinea come from recognized public certification authorities. The management of these certificates is governed by procedures covering their life cycle.
Figures
The rules governing the length of encryption keys are:
- Asymmetric encryption: greater than or equal to 2048 bits
- Symmetric encryption: greater than or equal to 256 bits
Madiasoft uses encryption software based on AES256 to create secure archives.
Security vulnerability management
Vulnerability scanning
Scans of the entire Internet perimeter of Madiasoft's IS are carried out regularly, using a vulnerability scanner managed by the Madiasoft security team.
These scans are used to check that hardware and software are correctly configured, in order to detect any vulnerabilities.
Results are reviewed and specific action plans are drawn up.
Report security vulnerabilities
If you need to report a security vulnerability, please share the details by writing to security@madiasoft.com. These reports are treated with high priority and the issue will be assessed and resolved by the Kafinea security team, in collaboration with the reporter.