Data protection is not just a task for us it is our responsibility. We have numerous safeguards in place to ensure the security of your data when running CoCreate.
Leveraging cloud services, data security is a shared responsibility between the provider and the customer. We have addressed these responsibilities with a broad range of security measures, including secure network configuration, strict access control, robust encryption, and comprehensive monitoring and logging systems. These steps guarantee the safety of your data, with controlled and monitored access.
Cloud-based applications offer scalability, availability, and flexibility beyond the capabilities of traditional standalone infrastructure. Recognizing your need for secure data accessibility, we have established additional security protocols. These include enhanced access control, access restrictions, advanced data protection mechanisms, and strict confidentiality agreements with our staff.
Security Measures
Our commitment to data protection and privacy manifests in several ways:
Regular Code Reviews: We routinely perform code reviews to uncover potential vulnerabilities in our code, ensuring its robustness and security.
Role-Based Access Control (RBAC): We use RBAC to manage access to data in accordance with the user's role and privileges.
SSL Encryption: To protect your data during transport, we use Secure Sockets Layer (SSL) encryption.
Restricted Access: We limit access to production environments to authorized personnel only, minimizing potential risks.
Monitoring and Logging: We have security alerts in place, and monitoring and logging systems to track, audit, and detect any suspicious activities.
Multi-factor Authentication via Azure AD B2C: Azure AD B2C's two-factor authentication ensures that only authorized users can access the data.
Secure Network Configuration: We restrict unauthorized access to the virtual network and subnets used by the application, including database and virtual machine access.
Limited Data Access: We allow access to customer data only when necessary and with customer permission, such as for debugging purposes.
Data Protection Mechanisms: We use secure storage and backup methods to defend against data loss or corruption.
Confidentiality Agreements: We enforce confidentiality agreements with all employees who have access to customer data, promoting awareness of their responsibilities to preserve data confidentiality.
By implementing these measures, we ensure that your data is accessed only when absolutely necessary and that all access is strictly regulated and monitored.
Through a continuous security process, potential security gaps are identified and rectified, keeping your system secure and your data well-protected.
Storage location
The data is securely housed on a private Azure Disk, under a firewall and accessible only by CoCreate server which controls access under strict RBAC. The storage resource is situated in the Western Europe region, specifically the Netherlands.