Data and information system security
What measures does Ars Nova Systems take to secure data?
Within the framework of its activity and in particular within the framework of the distribution of TinyMDM Software in Cloud mode (SaaS), TinyMDM may ensure, on behalf of users of TinyMDM Software in Cloud mode, the hosting and storage of Personal Data collected and processed by the user concerned. TinyMDM, as a 100% Cloud SaaS solution, is reliably hosted on secure servers in Europe at Amazon AWS, a secure Cloud provider. The hosting of all customer data is included in our offer (apks, contacts, applications, files…). Even though Ars Nova Systems has never faced any security incidents during its existence (since its creation in 2012), we cannot guarantee that unauthorized third parties will never be able to circumvent our security measures or use your personal information for inappropriate purposes. However, we do guarantee that:
- Logs: we are able to trace connections/disconnections over 1 month (1 year for payment operations).
- Autoscaling system with change of instance, IP address and local volume.
- Data access is subject to a strict access policy: only authorized staff members have access to the database via a well-defined security policy (frequently changed credentials, only authorized IP can access, two-step authentication method).
- All our instances expose only the strict necessary protocol. Remote access for authorized staff members is protected by a certificate connection and a group of authorized IPs.
- A login notification including the IP address is sent to our customers when someone logs in to their account, to warn the user in case of password hacking.
- Captcha and password complexity required for registration
- We use a redundant database server to ensure a hot recovery in case of failure of one of the servers.
- Database backups are performed daily over a two-month window. Backups are hosted on Amazon’s S3 service, so there is a logical partition for this archived data. There is no physical backup (CD ROM, tapes…).
- The database is subject to standard security measures (server not directly accessible via the Internet, only authorized backend servers can access the database…)
- Our servers are equipped against the most common and frequently encountered DDoS attacks on the network and transport layers.
- Abnormal requests are continuously monitored
Real-time error rate monitoring
In terms of tracking our error rates or threats to our system, errors are monitored via the AWS Cloudwatch service. We are automatically alerted, in real time:
- In case of an unusual influx of requests (email and SMS alert)
- In case of an error (error log with email and SMS alert)
Where is my personal information stored?
TinyMDM and associated sites use Amazon Web Services for database storage, with servers based in Europe. You can read the AWS data protection policy here.