Security
azuma has a very high focus on security.
That translates to the way we manage our
- Infrastructure setup and maintenance (see details in Infrastructure Setup)
- Data access and visibility
- Secret creation and rotation
- Product architecture and communication (see Zero Trust Architecture)
Zero Trust
Zero Trust is a security architecture framework that assumes that all networks, devices, and users, whether inside or outside an organization's network, are potential threats. It emphasizes the principle of "never trust, always verify" and requires every user, device, and application to be authenticated and authorized before granting access to any network resources.
Many cloud based architectures place implicit trust in a network based secure setup, such as virtual network configuration that prohibits public access and allows only communication between the defined partners. While such setups are usually very safe, there is always some margin for errors or vulnerabilities, which can be as simple as an opened port (even for a short time) or an exploit, that could get access to the network via one of the partners.
In a Zero Trust setup, getting access to the network will not expose any data - as network is regarded as "hostile". Each request is verified based on a defined set of access rules. This ensures least privilege access to only explicitly authorized resources. Therefore, Zero trust adds an additional layer of security to ensure your data is kept safe.
Potential Benefits:
- Enhanced Security: By authenticating and authorizing every user, device, and application, Zero Trust reduces the risk of data breaches and other cyber threats. Even if an attacker gains access to one resource, they are not automatically trusted to access other resources.
- Reduced Risk of Lateral Movement: Through the isolation of resources and enforcing access control policies Zero Trust makes it more difficult for attackers to move laterally across the network and access other resources.
- Simplified Compliance: By enforcing access control policies and providing detailed audit logs Zero Trust can simplify compliance. It can help organizations comply with industry regulations such as GDPR, HIPAA, and PCI.
- Improved Visibility: By monitoring every transaction and activity Zero Trust provides improved visibility into the network. It enables security teams to detect and respond to threats in real-time.
- Scalability: Through its high degree of scalability Zero Trust can accommodate organizations of all sizes. It can be implemented across multiple environments. Including on-premises, cloud, and hybrid environments, thus making it a suitable solution for organizations with complex IT infrastructures.
Overall, Zero Trust can help organizations better protect their networks, devices, and users from cyber threats with a flexible architecture that can change with their requirements. 甲
With azuma providing solutions for digital health we are convinced that implementing a Zero Trust architecture for all our products is the best way to provide secure and sustainble technology.
Secure Cloud Infrastructure
azuma leverages cloud infrastructure providers that are regularly certified and provide the highest levels of data security and availability. azuma provides a health status page for all its services:
In case you are uncertain of how this use of cloud infrastructure may impact DSGVO / GDPR issues rest assured: Our providers are strictly certified.
As there are still some uncertainties in the minds of some stakeholders if cloud services can legally be employed in healthcare: Rest assured we employ all necessary steps to adhere to the relevant regulations, ensuring compliance to DSGVO/GDPR regulations.