Creatio ensures the highest level of security and privacy of stored data by supporting it both
at the application and network levels, as well as at the physical access level.
Security
at all levels
Security of access and network
Creatio complex multi-level security system enables tracking operations and events at the application and network levels, with separate monitoring of each security level.
Network traffic monitoring prevents any attempts of unauthorized access and provides additional protection from DDoS attacks.
СNetwork monitoring systems (firewalls, SIEM, IPS / IDS, etc.) provide attack resistance and permanent online control. In addition, they stop suspicious activities on the network level.
Connection control on the application and database levels enables isolating, filtering and managing the licensed connections within the integration processes.
Creatio network is protected using several security protocols for preventing unauthorized access: HTTPS (TLS 1.2), TCP/IP, etc.
User ID, password and all the transmitted data are encrypted using a 128-bit key, which guarantees security of data storage, processing and delivery.
Switches and firewalls are available at each level, which enables configuring personalized security policies (limiting access by IP, device types, domains, geography, etc.) and controlling the access to the application.
Physical security
Physical access to data centers is approved and verified by the authorized hosting providers.
Creatio data is stored in different geographical areas on professional hosting platforms — Amazon Web Service and Microsoft Azure, which are secure from unauthorized access to servers. Autonomous power supplies and enterprise-grade security systems guarantee complete data security and smooth operation of the data center 24/7. Data storage infrastructure enables performing regular archiving of critically important information and safe data backup.
The data processing centers are compliant with international industry standards, including GDPR, ISO 27001, HIPAA, SOC 1, SOC 2.
Security at the application level
Separate database
Unlike other cloud services that store information on different customers in a single database, Creatio has a separate database for each customer. This makes it impossible to access your company’s information for other customers who use the application. In addition, all the data stored in Creatio is encrypted.
Supporting single authorization
WebSSO technology simplifies authentication of users and ensures quick and safe Creatio implementation. Support of SAML 2.0 standard provides connection to the most used authentication providers.
Password security
Extended tools enable system administrators to set the required password complexity, limit the number of login attempts and set password expiry dates for the accounts. Passwords are hashed using salt and encrypted according to the OWASP requirements.
Roles and permissions
Creatio administrative capabilities allow for building the role hierarchy taking into consideration both organizational structure and employee position within this structure, as well as user functional roles. Access rights can be assigned both for specific roles and for each Creatio user.
Access permissions
Creatio can implement any data and operation-related access permissions: from providing full access to specific sections for all users, to denying and granting access to specific roles only. Creatio supports administering by objects, records or columns with the ability to restrict access to reading, modifying and deleting data.
Audit log
The audit log records critically important operations and provides administrators and information security specialists with full information regarding assigning permissions to objects, changes in the role structure and access levels, login attempts, changes in the system settings, etc.
External security control
Creatio software undergoes regular reviews to confirm its compliance with international standards. In addition, we use external software and hardware, as well as monitoring services to ensure security at all levels.
Compliance with security standards
Security of the software and business processes is maintained in compliance with the world best practices and is being continuously audited by independent experts with regards to the ISO / IEC 27001: 2013 compliance certificate issued to the Creatio cloud services and software. In addition, creatio.complies with the HIPAA security requirements and the GDPR regulations.
Vulnerability scanning
Creatio development practices are compliant with the “Secure software development policy”, which requirements apply to every newly released software version on the pre-release testing stage. Creatio utilizes designated software to identify possible security issues.
Training and process control
To comply with ISO 27001 requirements, we hold regular trainings and testing. Training topics include data security policy, security regulations, general working procedures and department cooperation rules, etc.
External audit
Creatio software products regularly undergo compliance control, as well as external scanning and security testing by different third-party tools. This guarantees elimination of a critical vulnerability that could affect confidentiality, integrity or availability of the web application.
Penetration testing
Creatio holds regular internal and external penetration testing for the network and software with Internet access. The software undergoes regular penetration testing with the involvement of industry experts. The methodology of app security assessment is designed according to OWASP Testing Guide.
Security policy
Creatio certified specialists perform regular control and optimization of the security measures.
