Security at Dastra
Security is an integral part of the structure of our Cloud products, our infrastructure and our processes, so you can be sure that your data is protected.
All organization owners have the ability to force the use of two-factor authentication.
Organization's owner are able to secure the application's connection using Ip whitelisting
All of your data is stored at Microsoft Azure in hosting resources located in France.
All data exchanged between our customers and applications is encrypted in transit using the TLS (Transport Layer Security) protocol with PFS (Perfect Forward Secrecy). The encryption certification authority is CloudFlare inc.
The data disks on the servers hosting customer data in the Azure cloud are all encoded at rest using "Transparent data encryption" technology.
The physical files are also statically encrypted in the Azure Storage service with a 256-bit transparent encryption system AES encryption, one of the strongest algorithms which is FIPS 140-2 compliant.
Organization administrators can track all changes to user management and access permissions.
Each user has a unique identifier and the use of accounts shared between several users is not authorized.
All of the data (Azure SQL) and files (Azure Blob Storage) of our users are regularly backed up with a history of one month.
In the case of an account deletion, the data is kept for 1 month before its final deletion.
At least 8 characters comprising 3 of the 4 types of characters (uppercase, lowercase, numbers, special characters).
Delay in accessing the account after several failures.
Encryption of passwords in databases with strong encryption rules.
View and manage all API keys used by developers in your organization
Use of the role-base-access-control (RBAC) access management model. The person in charge of the organization is able to choose the roles and permissions of each user.
OpenID is a decentralized authentication system that enables single sign-on, as well as attribute sharing. It allows a user to authenticate with several sites (having to support this technology) without having to remember an identifier for each of them but by using each time a unique OpenID identifier.