Aestiva Security

Aestiva takes security seriously. Here are security measures Aestiva is willing to discuss openly. To safeguard against future security infractions, Aestiva also welcomes customers to do their own penetration testing of Aestiva systems.

Login Security
Aestiva provides login security in all its products. Its latest products provide multi-factor authentication, IP access controls, and other measures. Aestiva also recommends that customers integrate with their company's login authentication method of choice to create a consistent security infrastructure.

Industry Monitoring
Aestiva regularly reviews security industry reports and updates its servers in response to threats.

The Human Factor
Fully 80% of security breaches in the US are from in-house staff. Aestiva restricts access to its data center and customer applications to a limited number of staff. Furthermore, we destroy documents labeled as "confidential" after they are used, and discourage customers from giving Aestiva any confidential information. To guard against credit card data theft, we do not store customer payment data on Aestiva systems unless the customer requires it, in which case we encourage the customer to use Aestiva's privacy control features to encrypt that data.

Use of Sandboxes
Aestiva is a big believer in using multiple layers of security sandboxes. For example, network access to cloud solutions is limited to the secure protocols HTTPS and SSH. No other ports are provided. Under that is the Paperwork Automation platform (Webigami or Power Office). It is its own sandbox. Under that is Aestiva Array (see below), which is yet another sandbox. Under that are servers with Linux security.

Array Security
Aestiva products run on a browser-native engine called Aestiva Array. Aestiva believes the security measures it has taken make Array one of the more secure development environments on the web today. Array accomplishes its goals, in part, by utilizing the measures below.

• Security-by-Default Design (SDD)
• Automated Data Checking (ADC)
• Use of industry-standard HTTPS
• Vertically-Integrated Security Framework (VISF)

Security-by-Default Design (SDD)

SDD is a design philosophy which requires products be securely configured at delivery time.

The Array (HTML/OS) engine follows the SDD objective. While the objective may appear obvious to many, SDD is not accepted practice in some popular web development environments. As a result, developers in other web programming environments may be required to be security experts, or contract with security experts, to develop well-secured websites and browser-native products.

When developing products with the HTML/OS programming language, the developer is not required to be a security expert, since ADC security measures are built into the engine. Aestiva recognizes the fact that most web developers are not (and will not become) fully knowledgeable in web security.

Automated Data Checking (ADC)

The HTML/OS web engine used by Array performs data integrity checks to ensure that data passed to it from the web is proper and allowed. By default, data cannot be passed into Array unless it is explicitly allowed by the web developer. The data checking extends across all data passed into the engine, including data passed in as variables.

Use of industry-standard HTTPS

Array works seamlessly with HTTPS, an industry-standard secure web protocol that delivers secure transport of data over the web.

Secure transport is required in situations where parties in network proximity to the hosted server cannot be assumed to be trustworthy.

All Array applications can be run using the HTTPS protocol. Secure logins are available for accessing the development environment over the HTTPS protocol. This allows for secure editing of server-side content, for situations demanding the highest level of transport security.

Vertically-Integrated Security Framework (VISF)

Array is a vertically-integrated engine with a vertically-integrated security framework. Data passing utilizes HTTP and HTTPS only. Data is also confined to a server-side sandbox, delivering added server protection.

About Aestiva Software

Aestiva is a paperwork automation company. We have helped over 1,000 businesses since 1996.

From squeezing down customer response times to streamlining procurement services to building skyrocketing levels of transparency and audit, Aestiva is building a world where businesses run smarter, greener, happier, and better.