Data Center & Network Security

Physical Security

Facilities

Innovation Minds’ applications are hosted by Amazon Web Services (AWS). AWS’s global data center infrastructure is designed to ensure the highest level of performance and availability. AWS engages with external certifying bodies and independent auditors to provides considerable information regarding policies, processes, and controls resulting in certifications, audit reports, or attestations of compliance such as SOC 2, ISO 27001 and GDPR.

On-site Security

Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor authentication mechanisms for access control and security breach alarms. Learn more about AWS’s Data Center Controls.

Monitoring

All Innovation Minds Infrastructure, network systems, and devices are constantly monitored and logically administered by Innovation Minds staff. Physical security, power, and internet connectivity are monitored by the individual facility providers.

Location

Innovation Minds leverages AWS Regions within the United States, India and the European Union.

 

Network Security

Security Team

Our Security Team is on call 24/7 to respond to security alerts and events.

Protection

Our network is protected by the redundant network, best-in-class router technology, secure HTTPS transport over public networks and regular audits.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.

Network Vulnerability Scanning

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Third-Party Penetration Tests

In addition to our extensive internal scanning and testing program, each year Innovation Minds employs independent third-party security experts to perform penetration testing across Innovation Minds’ Production Network.

Security Incident Event Management (SIEM)

Our Security Incident Event Management (SIEM) program monitors logs from important network devices and host systems and alerts on triggers that notify the Security team for investigation and response.

Anti-Malware

Innovation Minds uses industry-leading anti-malware solutions to protect against threats including malware, viruses, Trojans, and spyware. New anti-malware patterns and updates are applied frequently to ensure protection against the latest threats.

Data Loss Prevention

Innovation Minds has implemented data loss prevention tools that ensure control of USB and peripheral ports and to detect and prevent potential data breached and data ex-filtration by monitoring, detecting, and blocking sensitive data in motion and at rest.

Threat Intelligence Program

Innovation Minds participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks, and act based on our risk and exposure.

Logical Access

Access to Innovation Minds networks is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored. Multi-factor authentication is required for accessing our production networks.

Security Incident Response

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

 

Encryption

Encryption in Transit

Communications between you and the Innovation Minds application servers are encrypted via HTTPS and Transport Layer Security (TLS1.2 or higher) over public networks. TLS is also supported for the encryption of emails.

Encryption at Rest

All client data is secured but not yet encrypted. This can be added on demand.

 

Availability & Business Continuity

Uptime

Innovation Minds maintains an on-demand available system status webpage that includes system availability details, scheduled maintenance, service incident history, and relevant security events.

Redundancy

Innovation Minds employs service clustering and network redundancies to eliminate single points of failure. Our backup program ensures Service Data is actively replicated across primary and secondary systems and facilities.

Business Continuity/Disaster Recovery

Our Business Continuity (BC) and Disaster Recovery (DR) programs ensure that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Business Continuity and Disaster Recovery plans, and regularly scheduled testing.

 

Application Security

Secure Development

Security Training

At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors and Innovation Minds security controls.

Application Framework Security Controls

Innovation Minds utilizes a modern application framework and prepared statements for all queries to limit exposure to OWASP Top 10 Security flaws. These include inherent controls that reduce our exposure to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.

Quality Assurance

Our QA department reviews and tests our codebase. Application security engineers on staff identify, test and triage security vulnerabilities in code.

Separate Environments

Development, Testing and Staging environments are separated physically and logically from the Production environment. Client data is not used in non-production environments.

Application Vulnerabilities

Dynamic Vulnerability Scanning

We employ third-party, qualified security tools to continuously dynamically scan our application against the OWASP Top 10 security flaws. Application security engineers test and work with engineering teams to remediate any discovered issues.

Static Code Analysis

The source code repositories for our applications are continuously scanned for security issues via our integrated static analysis tools.

Security Penetration Testing

In addition to our extensive internal scanning and testing program, Innovation Minds employs third-party security experts annually to perform detailed application scans and penetration tests on our applications.

 

Product Security Feature 

Authentication Security

Authentication Options

The Innovation Minds application support login using your Innovation Minds username/password combination. We use an industry-leading and battle-tested algorithm to securely hash and salt all passwords. You may also enable login using third-party social media (Google, Twitter and LinkedIn) end-user authentication.

On-site Security

Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor authentication mechanisms for access control and security breach alarms.
Learn more about AWS’s Data Center Controls.

Single Sign-on (SSO)

Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for your Innovation Minds application using Security Assertion Markup Language (SAML). Learn more about SSO.

Configurable Password Policy

Innovation Minds provides default password rules as well as the ability to set custom password complexity rules.

Secure Credential Storage

Innovation Minds follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.

 API Security & Authentication

Before users can access Innovation Minds data through your app, they must first authenticate and authorize against Innovation Minds. Once completed, your app will have the permissions and the resource to make API requests for data on behalf of the users. You must use the OAuth 2.0 standard to interact with the Innovation Minds Authentication page. Learn more about Innovation Minds API.

 

Additional Product Security Features

Access Privileges & Roles

Access to data within Innovation Minds’ applications is governed by access rights and can be configured to define granular access privileges. Innovation Minds has various permission levels for users. Learn more about Roles.

IP Restrictions

Innovation Minds’ applications can be configured to only allow access from specific IP address ranges you define. Learn more about IP Restriction.

Transmissions Security

All communications with Innovation Minds servers are encrypted using industry standard HTTPS over public networks. This ensures that all traffic between you and Innovation Minds is secure during transit. Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.

 

Certifications, Memberships & Privacy

Certifications, Memberships & Privacy

SOC2 Type II Audit

Innovation Minds has completed a SOC2 Type II audit as of June 30, 2021.

Cloud Security Alliance (CSA) STAR Self-Assessment

Innovation Minds has registered for Cloud Security Alliance STAR Self-Assessment Level 1. The STAR registry documents our security and privacy controls. Request our completed Consensus Assessments Initiative Questionnaire (CAIQ)

US-EU Privacy Shield and US-Swiss Privacy Shield

Innovation Minds has certified with the US-EU Privacy Shield and the US-Swiss Privacy Shield programs set forth by the United States Department of Commerce.

Privacy Policy

Learn more about privacy at Innovation Minds.

 

Additional Security Methodologies

Security Awareness

Policies

Innovation Minds has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to, all employees and contractors with access to Innovation Minds information assets.

Training

All new employees attend a Security Awareness Training which is given upon hire and annually thereafter. All engineers receive annual Secure Development Training. Additional security awareness updates are provided via email, blog posts, and in presentations during internal events.

Employee Security

Background Checks

Innovation Minds performs background checks on all new employees and contractors in accordance with local laws. The background check includes criminal, education, and employment verification.

Confidentiality Agreements

All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.