Security Software Tool
Take a look at some of the most frequently asked questions about our security approach.
What is Syniti’s commitment to security?
- As a data management company, Syniti puts security first. As such, Syniti is ISO 27001:2013 certified and is pursuing SOC 2 certification for our data management platform. Keeping our customers’ data secure is a top priority.
Does Syniti adhere to industry standards for information security?
- Absolutely. Syniti is ISO 27001:2013 certified, and Syniti’s security program additionally incorporates guidance from other industry-leading best practices such as NIST and CIS.
What does Syniti do to ensure its staff are up-to-date with Information Security best practices?
- Syniti requires all employees, contractors, and subcontractors to complete annual security awareness training at a minimum. Additional opportunities for awareness occur through events such as Cybersecurity Awareness Month, phishing campaigns, and corporate communications on important security topics and news.
How do you protect and isolate our customer systems & data at rest and in transit?
- Systems and data are isolated from all other Syniti operational systems, end users, and developers in an isolated cloud operations hosting environment. Access is restricted to cloud operations administrators and, indirectly, to consultants who are working with the customer to facilitate migrations and other business-driven actions, only on a need-to-know basis.
- Tenants have their own isolated environments with no access to or from any other customer environment.
- Customer data transferred in or out of the cloud operations environment to the customer is encrypted in transit with industry standard encryption protocols.
- Systems have data encrypted at rest at the disk level with industry standard encryption.
- Access to customer environments by cloud operations administrators occurs through a secure web portal mitigating most concerns related to the security posture of Syniti laptops, desktops, mobile devices, wireless, etc.
- All Cloud Operation administrators are enabled with Multi-factor Authentication (MFA) to confirm identities.
- Privilege authorization is managed through PAM (Privileged Access Management) technology to ensure that access is provided only on a need-to-know basis and that the principle of least privilege is adhered to.
- All external threats are controlled at the perimeter itself by next-generation firewalls.
Is your infrastructure SOC 2 compliant?
- Syniti partners with well-known global IaaS Hyperscalers who maintain SOC 2 compliance.
- Syniti’s cloud operations hosting environment is currently SOC 2 Type I compliant and is in the process of obtaining SOC 2 Type II certification.
What endpoint security do you implement for customer systems themselves?
- We operate host-based firewalls, EDR software and other protections ensuring:
  - Validated software is installed and running
  - Validated processes are running on customer systems
  - Virus & malware assessments of customer systems are current and accurate
  - Host-based firewalls
  - File Integrity Management
  - Host Intrusion Detection
  - Vulnerability Management
- Syniti maintains auditing in place to collect/store the events from all endpoints to further enable accountability.
How do you track and respond to security incidents?
- Syniti cloud operations maintains a 24×7 NOC built around a SIEM solution for aggregating and correlating security events and identifying actionable security incidents.
- Syniti maintains an Integrated Incident Response Plan and a dedicated SIRP (Security Incident Response Plan) that covers IRPs/use cases and thus helps in driving through security incidents.
Is customer data backed up?
- All customer data is backed up daily.
How is password storing and rotation managed?
- All customer-related password storage and rotation is managed by our PAM solution, which has a secure wallet feature and enables remote connectivity for authorized personnel without exposing the credentials in clear text.
- Password rotation is enabled, which ensures passwords are automatically changed every 90 days.
How does Syniti stay updated about the latest threats and vulnerabilities?
- We leverage a vulnerability management solution from a market leading vendor and maintain a regular check on all new and existing vulnerabilities.
- We have a vulnerability management program in place to remediate any discovered vulnerabilities.
- Additionally, our SOC service provider leverages a threat hunting program to ensure the highest level of diligence.
How does Syniti ensure confidentiality, integrity and availability (CIA) for customer data?
- We encrypt all ingress and egress of customer data with the recommended encryption protocols.
- We have FIM (File Integrity Monitoring) functionality to observe any unauthorized modification to the production data.
- Syniti maintains a network-based data loss prevention platform.
- We also have a Cloud & Container Security monitoring tool in place, which keeps us updated on our existing security posture.
- Our CSP is a market leader and provides us with 2n+1 level of redundancy with their T4 level of data centers.
Does Syniti encrypt my data?
- Yes. Both in transit, enforcing HTTPS, and at rest in the database using AES256 encryption. We also support SQL Server Transparent Data Encryption (TDE).
Do you review your applications for security vulnerabilities?
- Throughout our Software Development Lifecycle (SDLC), we scan the code for security vulnerabilities using independent 3rd-party static and dynamic scanning tools, and any significant issues are resolved prior to release.
Does your application support Multi-Factor Authentication?
- We support Single Sign On (SSO), where the application delegates user authentication to the customer’s corporate Identity Provider. In this way, the customer directly controls who has access to the Syniti application using their established user authentication policies and procedures.
Do you use industry standards (i.e. OWASP Software Assurance Maturity Model, ISO 27034) to build in security for your Systems/Software Development Lifecycle (SDLC)?
- Syniti information privacy and security governance and the SDLC process are aligned with the International Organization for Standardization (ISO) 27001 and 27002 security standards and the National Institute of Standards and Technology (NIST) Special Publications 800 Series. The Syniti secure SDLC program follows the guidelines set by the OWASP Framework.
What is the uptime SLA for your SaaS products?
- We ensure an uptime of 99.5%.
How often do you release updates to the software?
- Our SaaS products follow a CI/CD model where changes are deployed to production as soon as they have passed all of our SDLC checkpoints.
- Our on-premise software is released on the following frequency:
  - Service Packs – every 4-6 weeks
  - Minor versions – every calendar quarter
  - Major versions – every 1-2 years