Security & Compliance Overview

RDP Security with TruGrid

RDP risks without TruGrid

End User:

  • No MFA / 2-step Verification
  • Insecure TCP port connections

Customer Infrastructure:

  • AD exposed to password cracking
  • No Identity Management risk detection
  • Firewalls exposed to port scanning
  • Firewalls exposed to DDoS attacks
  • VPN Gateway exposed to password hacking
  • No vulnerability scanning
  • No Intrusion Detection / Prevention
  • No geo-location IP blocking

TruGrid Compliance Details

Azure Hosting Facility Compliance


  • Encrypted traffic
  • Transparent Data Encryption (TDE)
  • HTTP Strict Transport Security
  • Automatic HTTPS rewrites
  • Enforce Modern TLS (1.2 & 1.3)

Threat Prevention and Management

  • Vulnerability scanning
  • Database threat detection
  • Database vulnerability assessments

Network Security

  • DDoS mitigation
  • Network and IP abstraction
  • Firewalls
  • Virtual Network isolation


  • Mandatory MFA
  • No AD passwords stored in our database
  • Proprietary AD anti-hacking features

Fraud Prevention

  • Identity Management risk detection
  • Multi-factor authentication
  • Geo-IP blocking (coming soon)

Application & Platform Security

  • Hosted on Microsoft Azure Platforms
  • Transparent Data Encryption (TDE) on databases
  • No AD passwords stored in our database
  • Role-based application security
  • Session time-out functionality

Other Security Considerations

  • We host all systems in the United States on Microsoft Azure
  • We are incorporated and headquartered in the United States
  • We are governed by the laws of the United States

TruGrid app-specific Compliance

  • PCI Compliance – We do not store customer credit cards or financial information in our database. We use a third-party provider for credit card processing. We securely transmit data to our PCI-compliant payment provider via Point-to-Point Encryption (P2PE). TruGrid can help your company improve PCI compliance by eliminating the need for open RDP and HTTPS ports for remote access, and by adding MFA security to remote logins.

  • HIPAA Compliance – Neither our product nor any single product can help an organization achieve HIPAA compliance; however, our product can help an organization improve its HIPAA compliance by improving the security around remote access to healthcare information.

  • GDPR – We are committed to compliance with the EU General Data Protection Regulation (GDPR) where applicable.