
Product & Service Security

Innovation Minds places a paramount emphasis on the security of our state-of-the-art data center and network infrastructure. Through rigorous implementation of robust security protocols and best practices, we are dedicated to safeguarding your valuable data. Our commitment ensures not only the integrity but also the uninterrupted availability of our services, providing you with peace of mind in every interaction.

 

Secure Development

Security Training: At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and Innovation Minds security controls.

Application Framework Security Controls: Innovation Minds utilizes a modern application framework and prepared statements for all queries to limit exposure to OWASP Top 10 security flaws. The framework includes inherent controls that reduce our exposure to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.

Quality Assurance: Our QA department reviews and tests our codebase. Application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments

Our approach ensures that Development, Testing, and Staging environments are completely isolated, both physically and logically, from the Production environment. We strictly prohibit the use of client data in non-production environments, maintaining the highest standards of data security and confidentiality.

Application Vulnerabilities

Dynamic Vulnerability Scanning: We employ third-party, qualified security tools to continuously run dynamic scans of our application against the OWASP Top 10 security flaws. Application security engineers test and work with engineering teams to remediate any discovered issues.

Static Code Analysis: The source code repositories for our applications are continuously scanned for security issues via our integrated static analysis tools.

Security Penetration Testing: In addition to our extensive internal scanning and testing program, Innovation Minds employs third-party security experts annually to perform detailed application scans and penetration tests on our applications.

 

Authentication Security

Authentication Options

The Innovation Minds application offers login capabilities using your Innovation Minds username/password combination. To ensure robust security, we employ an industry-leading algorithm that hashes and salts all passwords securely. Additionally, users have the option to enable login via third-party social media platforms (Google, Twitter, and LinkedIn) for streamlined authentication.

Single Sign-on (SSO)

Single sign-on (SSO) through Security Assertion Markup Language (SAML) lets users authenticate within your systems, so they do not need to enter separate login credentials to access the Innovation Minds application. Discover more about the benefits and implementation of SSO.

Configurable Password Policy

Innovation Minds provides default password rules as well as the ability to set custom password complexity rules.

Secure Credential Storage

Innovation Minds follows secure credential storage best practices: passwords are never stored in human-readable format, only as the result of a secure, salted, one-way hash.

API Security & Authentication

Before users can access Innovation Minds data through your app, they must first authenticate and authorize against Innovation Minds. Once completed, your app will have the permissions and the resource to make API requests for data on behalf of the users. You must use the OAuth 2.0 standard to interact with the Innovation Minds Authentication page. Learn more about Innovation Minds API.

 

Additional Product Security Features

Access Privileges & Roles

Access to data within Innovation Minds’ applications is governed by access rights and can be configured to define granular access privileges. Innovation Minds has various permission levels for users. Learn more about Roles.

IP Restrictions

Innovation Minds’ applications can be configured to only allow access from specific IP address ranges you define. Learn more about IP Restriction.

Transmissions Security

All communications with Innovation Minds servers are encrypted using industry-standard HTTPS over public networks. This ensures that all traffic between you and Innovation Minds is secure during transit. Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.

 

Certifications, Memberships & Privacy

SOC 2 Type II Audit

Innovation Minds has completed an internal SOC 2 Type II audit as of June 30, 2022.

Cloud Security Alliance (CSA) STAR Self-Assessment

Innovation Minds has registered for Cloud Security Alliance STAR Self-Assessment Level 1. The STAR registry documents our security and privacy controls. Request our completed Consensus Assessments Initiative Questionnaire (CAIQ).

US-EU Privacy Shield and US-Swiss Privacy Shield

Innovation Minds has certified with the US-EU Privacy Shield and the US-Swiss Privacy Shield programs set forth by the United States Department of Commerce.

Privacy Policy

Learn more about privacy at Innovation Minds by reviewing our Privacy Policy.

 

Security Awareness

Policies

Innovation Minds has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Innovation Minds information assets.

Training

All new employees attend Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Development Training. Additional security awareness updates are provided via email, blog posts, and in presentations during internal events.

 

Employee Security

Background Checks

Innovation Minds performs background checks on all new employees and contractors in accordance with local laws. The background check includes criminal, education, and employment verification.

Confidentiality Agreements

All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.