Security
At OverNite Software Europe BV (OSE), we work every day to ensure the security of our applications. That’s why we have extensive procedures and processes for our data centers, networks and applications to continuously protect our customers’ data.
The security and confidentiality of the data is our top priority. We have been ISO 27001:2017 certified for years.
We employ industry-standard security measures to ensure data protection. Nevertheless, the security of information can never be fully guaranteed. We accept no liability for the interception or interruption of communications via the Internet, or for any changes to or loss of information.
To protect customer information, it may be necessary to suspend use of a website/software application, without notice, pending an investigation, if a security breach is suspected.
Data centers and servers
The applications that we develop and make available to customers are always on servers owned by OSE. These servers are housed in specialized data centers.
Data centers
Our servers are physically located at data centers that comply with the strictest physical and digital security measures. There is camera surveillance and data centers are monitored 24/7 by security staff. The data centers have multiple environmental safeguards and backup systems for energy management, including fire suppression, connectivity, heating, ventilation and air conditioning, with a minimum of N+1 redundancy.
Physical access to the servers is only possible by authorized employees.
The data centers are ISO 27001 and BORG3 certified.
Servers
The servers on which our applications are located are under our own management and ownership. That gives us complete control.
The entire infrastructure is redundant and has various failover mechanisms to guarantee availability.
Regular backups are made of the systems and these are stored in multiple locations, both online and offline.
Management access to servers is only possible via a secure connection and with approved devices, and the principle of least privilege is applied. This minimizes the risk of unauthorized access.
To detect and resolve malfunctions as quickly as possible, servers are continuously monitored and an active signaling protocol is in operation. In addition, attention is paid to the performance and capacity of the servers and proactive action is taken where necessary.
Network security
We work with separate networks, both physical and virtual. In addition, so-called Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are active to detect and preventively block suspicious network traffic. This can also prevent DDoS attacks.
A penetration test is periodically carried out to check whether all security mechanisms function properly and to adjust them where necessary.
Data encryption
We use powerful encryption technologies to protect customer data at rest and customer data in transit. OSE uses the AES algorithm (Advanced Encryption Standard) with a key size of 256 bits.
All OSE software applications use SSL (Secure Sockets Layer). This means that all information is confidential during transport and cannot be read by third parties.
Transport Layer Security (TLS) protects user access over the Internet and protects network traffic against passive eavesdropping, active tampering or spoofing.
Data at rest, such as backups, are stored with the same encryption.
Application
Every step of our application development, testing and deployment process is designed to ensure the security of our products.
Development procedure
OSE develops software according to the DTAP method: Development, Test, Acceptance, and Production. A new release starts in the development environment, goes to the test environment for internal testing, then to the acceptance environment for customer testing, and finally to the production environment. This approach minimizes the chance of errors in the production environment. Each step requires approval from a second developer who checks the code, the so-called four-eyes principle. This limits errors even further.
Application security
Several measures in the software are designed to prevent misuse or unauthorized access. For example, all incoming data is checked to see whether it meets various conditions. Incorrect input and other security incidents, such as incorrect login attempts and unauthorized actions, are logged so that they can always be retrieved. Other actions in the application are logged in a detailed audit trail, so that it can be traced at all times which changes were made by which user.
Customer data is stored completely separately to prevent cross-tenant vulnerabilities.
Periodically, a penetration test is carried out by an external company to ensure that our applications still meet the security requirements of modern applications. Any new findings from this test will be analyzed and possibly incorporated into our applications.
Access
To access our software applications, we authenticate each user. You can log in with a unique login name and password. Some applications can also use two-factor authentication (2FA), single sign-on and IP limitation. After logging in correctly, users enter their personalized environment.
Passwords are stored in the form of a secure hash, rather than the password itself. For audit purposes, both unsuccessful login attempts and successful login/logout activities are recorded.
Customers can also limit access through settings. For example, the password rules can be set and the session timeout can be determined, so that inactive sessions are automatically logged out. It is also possible for the customer to set user authorizations. The customer is responsible for these settings and their consequences.
Users are responsible for the security of their login details. It is prohibited to share login details with others. Unauthorized access to the software is strictly prohibited and may result in legal action.
Contact
Do you have a question or comment about this page?
Please contact us:
OverNite Software Europe BV
Mauritslaan 65
6161 HR Geleen
The Netherlands