We are using an web-application vulnerability scanner (Automated security and asset monitoring) to monitor the web-apps for potential takeovers and remediate security bugs in staging and production as soon as they are known and we are using products for automatically prove our code quality & code security.
We apply different hardening practices (like i.e. use of service packs, automatic dependency checks, patches & patch-mgmt, etc.) for our service-containers
Proficloud.io is completely GDPR compliant, thereby conforming to the highest data privacy standards.
All our virtual servers are based on Linux, increasing the resiliency of our cloud system.
Spectre/Meltdown & know CPU security vulnerabilities
Infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level.
Permission / user management
We‘re looking on rolling out a sophisticated permission management system throughout 2021, allowing companies fine-grained controls over what users are capable of accessing.
High security passwords are enforced by the platform. In general the password needs at least 10 characters, upper & lowercase letters, number(s) and special character(s).
Public key infrastructure
We are using EJBCA as PKI for all tenants in Proficloud.io, allowing us to revoke potentially compromised certificates whenever needed.
Secure bidirectional device communication
CA signed remote commands are used regarding the connected devices. All communication is encrypted using TLS 1.2 and client certificate authentication.
Secure firmware update process for devices
Hardened firmware update process for devices with IEC 62443 measures.
All connections between users and devices to proficloud are encrypted using TLS 1.2.
Phoenix Contact Smart Business uses dedicated aws data centers for running Proficloud.io guaranteeing an industry leading security level for customers.