Vulnerability scanning
We use a web-application vulnerability scanner (automated security and asset monitoring) to monitor our web apps for potential takeovers and to remediate security bugs in staging and production as soon as they are known. We also use products that automatically verify our code quality and code security.
Hardening techniques
We apply various hardening practices (e.g. service packs, automatic dependency checks, patches and patch management) to our service containers.
GDPR compliance
Proficloud.io is completely GDPR compliant, thereby conforming to the highest data privacy standards.
Operating system
All our virtual servers are based on Linux, increasing the resiliency of our cloud system.
Spectre/Meltdown & known CPU security vulnerabilities
Our infrastructure has been updated with protections against these vulnerabilities, and no customer action is required at the infrastructure level.
Permission / user management
We're looking at rolling out a sophisticated permission management system throughout 2021, giving companies fine-grained control over what users can access.
Password policy
High-security passwords are enforced by the platform. In general, a password needs at least 10 characters, upper- and lowercase letters, number(s) and special character(s).
Public key infrastructure
We are using EJBCA as PKI for all tenants in Proficloud.io, allowing us to revoke potentially compromised certificates whenever needed.
Secure bidirectional device communication
CA-signed remote commands are used for the connected devices. All communication is encrypted using TLS 1.2 and client certificate authentication.
Secure firmware update process for devices
Hardened firmware update process for devices with IEC 62443 measures.
Encryption
All connections from users and devices to Proficloud are encrypted using TLS 1.2.
Data centers
Phoenix Contact Smart Business uses dedicated AWS data centers to run Proficloud.io, guaranteeing an industry-leading security level for customers.