Security & Compliance Overview

Security Posture WITH TruGrid

[Diagram: remote access with TruGrid]

Potential Risks WITHOUT TruGrid

End User:

  • No MFA / 2-step Verification
  • Unsecured TCP port connections

Customer Infrastructure:

  • AD exposed to password cracking
  • No Identity Management risk detection
  • Firewalls exposed to port scanning
  • Firewalls exposed to DDoS attacks
  • VPN Gateway exposed to password hacking
  • No vulnerability scanning
  • No Intrusion Detection / Prevention
  • No geo-location IP blocking

[Diagram: remote access without TruGrid]

TruGrid Security & Compliance Details

Azure Hosting Facility Compliance

Encryption

  • Encrypted traffic
  • Transparent Data Encryption (TDE)
  • HTTP Strict Transport Security
  • Automatic HTTPS rewrites
  • Enforce Modern TLS (1.2 & 1.3)

Threat Prevention and Management

  • Vulnerability scanning
  • Database threat detection
  • Database vulnerability assessments

Network Security

  • DDoS mitigation
  • Network and IP abstraction
  • Firewalls
  • Virtual Network isolation

Authentication

  • Mandatory MFA
  • No passwords stored in our database
  • Proprietary AD anti-hacking features

Fraud Prevention

  • Identity Management risk detection
  • Multi-factor authentication
  • Suspicious login monitoring
  • Geo-IP blocking

Application & Platform Security

  • Hosted on Microsoft Azure Platforms
  • Transparent Data Encryption (TDE) on databases
  • No passwords stored in our database
  • Role-based application security
  • User level encryption of sensitive data
  • Session time-out functionality

Other Security Considerations

  • We host all systems in the United States on Microsoft Azure
  • We are incorporated and headquartered in the United States
  • We are governed by the laws of the United States

TruGrid Application-Specific Compliance Information

  • PCI Compliance - We do not store customer credit cards or financial information in our database. We use a third-party provider for credit card processing. We securely transmit data to our PCI-compliant payment provider via Point-to-Point Encryption (P2PE).

  • HIPAA Compliance - Neither our product nor any single product can, on its own, make an organization HIPAA compliant; however, our product can help an organization improve its HIPAA compliance by strengthening the security of remote access to healthcare information.

  • GDPR - We are committed to compliance with EU General Data Protection Regulation (GDPR) where applicable.