Data Security & User Privacy – Two critical pillars of modern Enterprise SaaS Platforms for Field Service Management
You have seen the Zoom CEO’s thoughtful message recently when their security & privacy shortcomings were brutally exposed by hackers who were able to break into Zoom meetings with ease. This story highlights the emphasis that all businesses should place on security and user privacy as they look at their own field service workflows.
In this age of mounting threats, the importance of policies and tools to ensure data security cannot be overstated. allGeo provides you the data security you need while ensuring compliance with industry standards for HIPAA and GDPR. This article shows you how we do this and why.
Our approach to Data Security
allGeo uses the Telecom & Healthcare industry recommendations to implement user privacy protection and customer data security. This approach ensures that your data is completely safe during transit over wireless networks and then inside our systems. The allGeo system has been designed to be highly resistant to hacking attempts with continuous monitoring to preempt security breaches:
- Data is stored securely in Mobile & Web environment
- Data is transmitted securely over the internet
- Logical Data Silos (Partitioning) to provide additional layers of security
- Identify threats through independent testing
- Regular software updates & patches to plug security issues
- Compliance training of employees
Transmission of Data over the Internet
Every browser supports secure transfers of data using industry standard HTTPS protocol (‘padlock’ icon in the address URL bar ). This ensures “secured data-in-transit”. allGeo currently uses a protocol called TLS/1.2 which is the latest & strongest method to securely transfer your data.
Security Data on Servers and Mobile Devices
allGeo uses state-of-the-art HW, system software, storage drives and database service (RDS) on AWS Cloud. allGeo uses AES256 bit encryption to secure all data and backups in drives and RDS. This is known as “secured data-at-rest”.
Regular Security Testing & 3rd party certification
allGeo performs regular testing to look for known and unknown security attacks. Security breach can also occur due to unknown issues in a system software before they have been patched by the software vendor (called ‘zero day attacks’). allGeo uses 3rd party penetration testing and audits to identify security issues before they flare up.
Data Silos / Partitioning
Similar to an Embassy’s multi-layered security model, allGeo logically partitions customers’ data and hosts the system in a multi-zone environment on Amazon AWS cloud. This architecture ensures business continuity in case a particular zone is compromised.
Software Patches and Regular Updates
Many customer data breaches occur because companies do not patch their software in a timely fashion. allGeo uses industry best-practice to monitor for security updates and apply security patches as soon as available. In addition, allGeo also applies software update patches regularly once they have been certified as safe by the developer community & standards organizations. allGeo follows this best practice with no-impact on end user functionality while ensuring customer data safety.
Employee Training and Policies & Procedures
In order to mitigate in-house security issues (intentional or unintentional), allGeo performs regular employee training and audits of its system. Given that 40% of security breaches may be caused by employee negligence (in Information security term – ‘social engineering’), allGeo is extra mindful and vigilant on this issue. allGeo routinely conducts training for its employees to test, spot and escalate security breaches and accidental disclosures of customer data.
allGeo regularly improves its security model for customer data access using strong password policy, single-sign-ons and logging of all activities by customer users and support teams. allGeo also supports multi-factor authentication for customer accounts i.e. combine password with a one-time-generated security code delivered via phone or email. Customers can also deploy their own IdP for SSO login to allGeo (with minimal integration overhead).
Data is Secure. What about User Privacy?
In addition to the aforementioned steps on Security, allGeo follows rigorous policies & procedures for user data privacy management. Prioritizing User privacy has been built into the platform’s DNA since early days while working with telecom partners. The allGeo platform provides strong, fine-grained controls for end user privacy management. Examples include:
- End user opt-in for service activation
- Customized shift-based tracking e.g. weekdays, 9-5pm Shift; off during Breaks & PTO
- Daily reminders when an app starts up and shuts down
- Alerts if app is off during shift hours
In our next blog, we will write about different ways allGeo ensures and provides controls for end user privacy.
Security breaches come in many forms and businesses need to be fully prepared to address and secure their data. Businesses should be asking their vendors these questions so that they can be aware of how their data is being handled by various systems in their field service workflow.
If you have any questions regarding data security and the ways allGeo handles potential threats, please contact us at privacy@abaq.us.