Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

VXG follows best practices in Information Security (IS). All the software is developed internally and services are provided by VXG employees. All employees are in Ontario, Canada. VXG maintains internal IS policies and documentation such as:

  1. VXG Data Protection Policy.

  2. VXG Information Security Policy.

  3. VXG Software Development Guidelines.

The documents are available upon request. VXG conducts periodic reviews of IS and training for its employees.

Remote access

VXG provides managed services for the Cloud VMS deployed on customers’ infrastructure. The is granted and fully controlled by a customer.

In the case of AWS deployments, it is managed by IAM (Identity and Access Management). Each VXG employee will have their own credentials and every access will be logged in the system.

In the case of AWS, we recommend creating a brand new account and adding it to your organization at AWS. VXG will only have access to this isolated account dedicated to Cloud VMS.

Data transfer 

All off-premises network protocols are TLS encrypted:

  • WSS (Web Socket Secure),

  • RTMPS (Real-Time Messaging Protocol Secure)

  • WebRTC (Web Real-Time Communication)

  • HTTPS (Hypertext Transfer Protocol Secure)

Data security 

Optionally, the cloud storage can be encrypted – a feature provided by the cloud storage providers.

VXG uses AWS that meets high industry standards for data security, disaster recovery, physical and privacy, including ISO 27001, SSAE16/ISAE 3402 Type II: SOC 2, and SSAE16/ISAE 3402 Type II: SOC 3 certifications. See AWS Cloud Security for more information. 

Data encryption

The stored data is encrypted using the cloud storage provider.

In the case of AWS S3 storage, AWS offers several options for data encryption. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html for more information.

Penetration tests 

The platform has passed a professional penetration test. The test was carried out as a grey box penetration test.

Methodology.

We ensure to use only current technologies, tools and follow best practices for penetration testing. Additionally, all work is done completely independently to ensure the best quality is reached and a deep security assessment is done. All tests are guided and inspired by the OWASP Testing Guide and Open Source Security Testing Methodology Manual (OSSTMM) to reach the highest standards. 

Tools

The list of tools is available upon request.

  • No labels