Security is one of the biggest considerations for every SaaS (Software as a Service) product. We have built Bold Reports SaaS on Microsoft Azure, which is committed to the highest levels of trust, transparency, standards conformance and regulatory compliance with the most comprehensive set of compliance offerings of any cloud service provider.
This document explains the important security features that Bold Reports handles for its customers, such as Azure security, authentication, authorization, data security, application security, disaster recovery and business continuity, network security, application monitoring, the Stripe payment gateway, and more.
Azure Security Center is the first line of defense in protecting your Bold Reports resources in Azure, which helps prevent, detect, and respond to threats with increased visibility into and control over the security of your Bold Reports resources. It provides integrated security monitoring and policy management across our service, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
Authentication verifies the user’s identity. Anyone who wants to access and manage resources such as reports, data sources and datasets must be a user of the Bold Reports cloud application. Bold Reports cloud can be configured to use local authentication or external authentication to validate the authenticity of the user.
In local authentication, Bold Reports cloud authenticates the user by comparing the provided credentials with the details stored in the Bold Reports Azure SQL database.
Bold Reports cloud can be configured with Azure Active Directory as an external authentication provider.
Bold Reports cloud can be configured to use Azure Active Directory for importing users into Bold Reports cloud and validating their authentication. Users are logged in to Bold Reports cloud once they have provided their credentials and been validated and authenticated by Azure.
Authorization refers to which resources, such as reports, data sources or datasets, users can access on Bold Reports cloud after authentication has been verified. Authorization includes:
Bold Reports cloud lets you control which users can see which reports, data sources and datasets. For data sources that connect to live databases, you can also control the users based on their permissions. There are read, write, create, and delete permissions, which can be assigned to users and groups. Without the read permission, no user can see your data sources, datasets and reports. Bold Reports does not see the following information except limited access with customer permission for support and troubleshooting:
Security is a top concern for managing databases, and it has always been a priority for Azure SQL database. Azure SQL database supports connection security with firewall rules and connection encryption. All Azure SQL databases are configured with a firewall rule that allows connections only from the Bold Reports application. Protection of database: Azure SQL database helps secure your data by providing encryption:
Bold Reports cloud provides a flexible permission system with which you can control access to reports, data sources and datasets.
Every tenant user can only log in to their own tenant and access its resources. Each tenant is deployed with its own database and resource storage, which ensures that one tenant's data is not shared with another tenant. Also, users who belong to one tenant can only see users who belong to the same tenant, and can share reports only with users of that tenant. Users must have permissions to view and access the reports and resources created by another user on the same tenant.
Bold Reports cloud uses Microsoft Azure cloud space for customers to store data in SQL database and Blob storage. Each customer’s data is logically separated from other customers’ data using their unique identity, and this set of identities is stored in another SQL database for lookup purposes. This ensures that no customer’s service data becomes accessible to another customer.
We hold your data in the Bold Reports cloud application for as long as you choose to use Bold Reports Services. Once you terminate your Bold Reports cloud application, your data is deleted from the Bold Reports cloud based on the following scenarios:
Bold Reports cloud uses the following encryption to protect secure information such as user passwords and the database.
Every change and new feature is governed by a change management policy to check that all application changes are authorized before implementation into production. Our Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines and screening of code changes for potential security issues with our code analyzer tools, vulnerability scanners, and manual review processes.
The Bold Reports security team has years of experience in operating data centers and continually improves our processes over time. Employee access is logged and passwords are strictly regulated. We limit access to data to only a few of these employees, who need such access to provide support and troubleshooting on our customers’ behalf.
SQL databases are protected by automated backups, which create full backups every week, differential backups every 12 hours, and transaction log backups every 5-10 minutes. Azure keeps backups for the last 35 days of your database changes. The backups are stored in RA-GRS storage blobs that are replicated to a paired data center for protection against a data center outage. When you restore a database, the service figures out which full, differential, and transaction log backups need to be restored. Read-access geo-redundant storage (RA-GRS) guarantees at least 99.99% availability of your data. Geo-redundant storage replicates your data in different regions to check that it is always available, even should a catastrophic event compromise the original storage location. In addition to the redundancy of data, there is a business continuity plan for our major operations such as support and infrastructure management.
Bold Reports cloud relies on Azure network security and infrastructure to help protect your data against the most sophisticated electronic attacks. Bold Reports cloud provides the following network security.
All data transmitted to the servers over public networks is protected using strong encryption protocols. We mandate that all connections to our servers use Transport Layer Security (TLS 1.2) encryption with strong ciphers, including web access, API access, mobile apps, and IMAP/POP/SMTP email client access. This ensures a secure connection by allowing the authentication of both parties involved in the connection and by encrypting the data to be transferred.
The Bold Reports cloud is configured with the HTTPS protocol, and we also use the HTTP/2 protocol over encrypted connections, increasing user and application security. The Bold Reports cloud application is configured with SSL: all content and communications between clients are encrypted using SSL, and the HTTPS protocol is used for requests and responses. Bold Reports with HTTPS is secured using the Transport Layer Security protocol, which provides three key layers of protection:
Bold Reports cloud makes internal API calls to access resources in web and mobile apps over a secure connection. The Bold Reports cloud accepts only connections that use TLS 1.2 (Transport Layer Security) or above encryption.
The Bold Reports cloud database contains the most important data, so Bold Reports cloud connects to the database over an SSL connection, which provides encrypted data transfer between the application and the database. The Bold Reports cloud database has been configured and protected on Azure using a firewall that allows access only from the same Azure environment.
We use Azure infrastructure, which monitors and analyzes information gathered from services, internal traffic in our network, and usage of devices and terminals. We record this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs, and store these logs on a secure server isolated from full system access to manage access control centrally and check availability.
Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. Protection may be deployed based on the needs of application workloads, with basic secure-by-default or advanced custom configuration including antimalware monitoring. Azure scans all user files using its automated scanning system, which is designed to stop malware from being spread through the Bold Reports ecosystem. Azure’s antimalware engine receives regular updates from external threat intelligence sources and scans files against the blacklisted signatures and malicious patterns.
Cards are one of the most popular ways to pay online with broad global reach. The Stripe Payment Gateway method is used for our SaaS business, which is the best software platform for running an internet business. The Stripe Payment Gateway has been integrated using the Stripe APIs and their client libraries. We collect the card details, encrypt them with secure encryption keys, and send them to Stripe for payment processing. So, we assure you that we do not store and cannot see your card details on our side. Your card details are handled only by the Stripe Payment Gateway. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
The Bold Reports SaaS product includes various open source components. Such components are licensed under the terms of the applicable open source license agreements. Our legal team verifies and approves the use of each such component in the Bold Reports cloud application. The usage of such components is revisited and reviewed before every release.