Data security

Securely hosted on Microsoft Azure

Martini systems are hosted on virtual private clouds provided by Microsoft Azure. We leverage the multi-layered security measures that Microsoft provides across physical data centres, infrastructure and operations in Azure, and the state-of-the-art security delivered in its global data centres.

By using Microsoft Azure, Martini benefits from a team of more than 3,500 global cyber-security experts who work in Azure. Most importantly, Microsoft Azure is a cloud provider that is already trusted by many of our customers. For more information on Azure’s security, certification and compliance measures, please refer to Azure’s security documentation.

Data encryption for secure file transfer

We use Microsoft OneDrive to facilitate the transfer and storage of documents. All data in transit and data at rest is encrypted with state-of-the-art data security measures, in addition to Azure’s multi-layered security measures on physical data centre security, network security, access security, application security, and data security.

Encryption of data in transit: all communication with the OneDrive server uses SSL/TLS connections. All SSL connections are established using 2048-bit keys. When data moves between data centres for disaster recovery reasons, SQL Server transaction logs and blob storage deltas travel along the pipe. While this data is already transmitted over a private network, it is further protected with best-in-class encryption.

Encryption of data at rest: this has two key components, BitLocker disk-level encryption and per-file encryption of customer content. BitLocker disk-level encryption is deployed across the service. Per-file encryption is also deployed, and goes further by using a unique encryption key for each file. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. The encrypted content is distributed across a number of containers throughout the data centre, and each container has unique credentials.

For further details, please refer to Azure’s data encryption policy.

Access security

Access to Martini’s interactive interface is via HTTPS. In HTTPS, all communication is encrypted using Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

Martini adheres to the principle of least privilege by allowing only enough access to perform the required job. Hence, no employees ever access your private account or files unless required for support reasons. When working on a support issue, we do our best to respect your privacy: we only access the files and settings needed to resolve your issue. All files and private information are deleted as soon as the support issue has been resolved.

We are able to provide further access security by applying IP restrictions to customer environments, preventing access from networks other than those of the customer site. Individual customer datasets can be isolated at the infrastructure level using separate databases.

Software maintenance

Martini software is kept constantly up to date with the latest enhancements and fixes. We continuously deliver changes from development and content teams to customer production environments. Security considerations are built into our software lifecycle so that we can identify, during the development phase, which features might have security implications. On request, we work with customers to perform a penetration test on our application and will do so on a continuous basis.

Last updated: 2 December 2019