Security
At HyThere Corp., creator of DemoHop, we are committed to protecting the confidentiality, integrity and availability of our information systems and our customer data. We are constantly improving our security controls and analyzing their effectiveness to give you confidence in the security of your confidential data.
Here we provide an overview of some of the security controls in place to protect your data.
Please contact your DemoHop account representative for further inquiries.
Cloud Security
Encryption
Authentication and Authorization
Authentication and authorization on DemoHop are controlled by a Google Cloud customer identity and access management (CIAM) platform. DemoHop users sign in via either an email link or, if optionally upgraded, a single sign-on method (OIDC/SAML). If the sign-in attempt is successful, signed and encrypted tokens are issued and required on every request. Access tokens are short-lived and are refreshed automatically on expiration. When a user signs out, all tokens are revoked and are no longer usable. In addition, authorized HyThere personnel have the ability to manually lock out individual users if suspicious activity is observed. Each user has a set of authorizations that limit what actions they’re allowed to perform.
Availability and Continuity
DemoHop is deployed on Google Cloud infrastructure. Services are configured to scale dynamically in response to incoming load. Simulated load tests and API response time tests are incorporated into our release and testing cycle. Production data storage is highly available with automated backups and point-in-time recovery enabled to ensure minimal downtime and data loss. In the event of a region or zone outage, HyThere has the ability to easily deploy to a new location.
Environment Segregation
Testing, staging, and production environments are logically separated from one another. Customer data is never used in any non-production environment.
Row-Level Security (RLS)
DemoHop databases enforce row-level security (RLS) at the database level where appropriate. Database queries must include valid RLS parameter values or they will fail. This practice introduces logical segregation of tenant data and significantly reduces the impact a bad actor can have, drastically improving customer data confidentiality.
Video Calls
Third-Party Security
HyThere understands the risks associated with improper vendor management. We evaluate and perform due diligence on all of our vendors prior to engagement to ensure their security meets a suitable standard. If they do not meet our requirements, we do not move forward with them. Selected vendors are then monitored and reassessed on an ongoing basis, taking into account relevant changes.
Logging and Monitoring
Application and infrastructure systems log information for troubleshooting, security reviews, and analysis by authorized HyThere personnel.
Personnel
HyThere conducts background checks at the time of hire where permitted by law. All HyThere personnel are required to sign Non-Disclosure and Confidentiality agreements.
Access Control
Access is granted on the principle of least privilege. Access is revoked immediately upon termination.
Development
Our development team employs secure coding techniques and best practices and closely follows industry-standard security awareness documentation, including Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST), and more.
Policies and Procedures
HyThere maintains a comprehensive set of security policies and procedures. HyThere leadership personnel review these on a monthly cadence to ensure complete coverage and accuracy are maintained.