Security assurance

Transparency is the key to trust

Security Assurance

We are open about our security controls and policies, so if you’d like to know more, please let us know.

Principles

• Privacy by design
• Security by design
• Defense in depth

The software must adhere to principles as least privilege and ´need to know´ base. We do this in such a way that we are able to remain user friendly.

Privacy & compliance

Privacy Policy

Read our privacy policy here.

Data storage

Lupasafe retains customer data as long as the customer uses the service. If the customer no longer uses the service, all customer data will be removed from the cloud. Before data is deleted, the data can be exported to the customer in a format agreed between the customer and Lupasafe. Data is stored at Microsoft Azure in Amsterdam and can be hosted on request in a geographical location of your choice. Customer data and third parties Lupasafe will not disclose customer data to any third party (including law enforcement, other government agencies or civil litigants) except at the customer’s request or required by law. If we are forced to disclose customer information to a third party, we will immediately notify the customer and provide a copy of the demand, unless prohibited by law. This policy is in line with Microsoft’s policy for Microsoft Azure.

GDPR

Lupasafe only processes our customers and their customers’ data in accordance with the signed processer agreement. Lupasafe provides strong security measures to prevent unauthorized access to personal data. This includes encryption of data and access control.

Compliance

Lupasafe is built on Microsoft Azure cloud technology. Learn more about Azure Security and Compliance here: Microsoft Service Trust Portal.

Regular independent pentest

Lupasafe commissions yearly an independent third-party to black-box and grey-box the platform and sign-up process. The certificate and summary is available to our partners and clients.

Policies & Certifications

Lupasafe is almost ISO 27001 certified. We expect to complete the final audit in Autumn 25. After this we will continue with the ISEA3402. At Lupasafe, we adopt the policies of ISO 27001, NEN7510, NIST (US National Institute of Standards and Technology), Cyber Essentials Standard, Framework Secure Software (Secure Software Alliance), OWASP Secure Coding Practices and NCSC Guidance.

Product security

Logging

Lupasafe logs all application actions at the API level. Logs are kept for 30 days.

Management

For the management of the application, a few functional administrators have access to the management portal, who use a separate login and enforce two-factor authentication. The management portal does not have access to customer data, only the settings and general customer information (such as subscription type, etc.) to perform general administrative tasks. The audit logs can be checked from the management portal. Within the Lupasafe portal we have supervisor/support accounts (separate usernames and passwords and mandatory two-factor authentication). These accounts have access to a subset of customers to provide support when needed. Each account is protected by a password, preferably at least 50 characters, randomly generated. Passwords must be kept strictly personal and stored only in validated and approved password managers. The strong preference for two-factor authentication is to use FIDO2 devices (e.g. YubiKeys or Solokeys). Every storage device we use for any type of work for Lupasafe must be encrypted. Passwords for Lupasafe accounts are stored using Argon2 V1.3. Passwords are chosen by the user or generated randomly. We will never be able to retrieve your password (we will never ask for it).

SaaS security

Lupasafe can be divided into (1) agents that run on endpoints, (2) the link between agents and the Lupasafe engine and (3) the Lupasafe databases.

Agents

Lupasafe agents run on the Windows, MacOs, iOS, Android and Linux platform. In the case of Linux, we use a system user, which is the best way to run services. People cannot use these (passwordless) users unless they have the correct sudo privileges. For Windows, we run under the system account, as many services do. The reason for that is that we list (among other things, but you can with lower privileges) installed Windows patches and updates. This can only be done by querying the Windows management system. Windows requires higher privileges to do that. On MacOS, the agent runs under the privileges of the user who installed the software. We are aware that every control mitigates risk, but also entails other risks. The same goes for the Lupasafe Agent. That’s why we keep the agent logic as simple as possible. The logic and heavy processing is done on the central system.

Data security

Data transfer

All data traveling from the endpoint until it reaches the Lupasafe matching engine is encrypted. The agent and server use asymmetric encryption to communicate. We like to think critically about what we are doing and where we need to go. If you notice something we can improve on, we’d love to hear about it. We will investigate and put it on our backlog.

Data storage

Data is stored at Microsoft Azure in Amsterdam and can be hosted on request in a geographical location of your choice. Data is subject to the highest security standards. The Azure data center is ISO27001 and NEN7510 certified. The database storage is encrypted using common SQL Server techniques. Access to the data is strictly regulated. Only DB administrators can access the production database using a separated . The database is protected by a firewall and advanced Azure security techniques. We do extensive audit logging within the application and for administrative tasks. Changes to key tables are automatically captured in audit tables using database triggers. The database is backed up every hour, week and month. Backups are kept for at least two weeks, monthly backups for at least six months.

Data encrypted at REST

All customer data hosted by Lupasafe is encrypted using Microsoft Azure hosted keys 256-bit AES. The data transfer is also encrypted at rest for application data, backups and generated logs. https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

Data encrypted in Transit

All Lupasafe web applications and API services use HTTPS (HTTP over SSL). All requests to the Lupasafe services require the TLS protocol to be set to at least 1.2 (1.3 supported) A global CDN load balancing service that handles HTTPS certificate management for all public services.

Data back–up

Microsoft Azure’s built-in fault-tolerance capabilities protect customer data against individual server, network, and device failures. However, to protect customer data against user or application errors or a total loss of a region, Younium also backs up the data separately. Incremental or full database backups are encrypted and managed by Microsoft. Additional geo-replicated backups are enabled on the critical cloud services hosting customer data (aligned for GDPR compliance).

Location of customer data

All customer data is stored in Europe, currently in the Microsoft Azure West Europe region, located in the Netherlands. Access to the data is strictly regulated. Only DB administrators can access the production database using a separated . The database is protected by a firewall and advanced Azure security techniques. We do extensive audit logging within the application and for administrative tasks. Changes to key tables are automatically captured in audit tables using database triggers. The database is backed up every hour, week and month. Backups are kept for at least two weeks, monthly backups for at least six months.

Separation of development and production

Of course we have a strict separation of development, test and production environments. No production will be used in development and testing. The environments are physically separate and accounts used to access one environment can never be used to access another.

Data assurance and subprocessors

Read more about our data assurance and subprocessors here

Incident Management

Disaster recovery

The recovery time objection (RTO) defines the length of time and service level acceptable to restore services after an incident. This appeal is handled based on the severity and type of incident encountered. The recovery point, also known as RPO, in case of major data loss or corruption is highly related to the SLA and backup capabilities of the Azure cloud services. Example Scenarios: A long-term outage of the Western Europe Azure Cloud region Application error corrupts data and/or causes data loss (some or all tenants) User error (or application error) causes corrupt and unrecoverable data for a tenant The most critical Lupasafe services are replicated geographically across different Azure regions. For example, the load balancer that routes the incoming network traffic can be routed to a passive instance in the event that a major problem is detected.

Procedure for data breaches

Threat detection monitoring services are enabled to detect and notify infrastructure managers in case of suspicious data exfiltration and detection of abnormal behavior. Security breaches and detected vulnerabilities are reviewed by the various team stakeholders once the information is generated. Once the severity level and scope of the issue has been assigned to the incident, all affected customers will be contacted as soon as possible with available details and information. Follow-up notifications, including updates and status updates, will also be sent until the incident is resolved. The severity level assigned during the initial assessment is then discussed with product and customer success managers before a notification is sent to affected customers.

Availability and reliability

Monitoring

The availability and monitoring of the various services is managed through a combination of Datadog & Azure alerts. The Lupasafe service has a special set of monitoring alerts, which are based on fixed or dynamic metric thresholds. Custom logs generated by the application are processed and analyzed using the Datadog platform.

Scaling

The Lupasafe architecture that combines a load balancer as entry point and the Azure Paas services as backend enables scaling of these different backend services in case of performance issues or unexpected load increases.

Status

The status and ‘health’ of Lupasafe and its integrations are presented via the link below. Current and past incidents are listed on this page. https://status.lupasafe.com/

Infrastructure

Azure-overview

Lupasafe uses Microsoft Azure as cloud hosting provider.

Azure is a leading platform that offers built-in security controls and comprehensive controls.

Test environments

Multiple environments are used for QA and validation purposes (none of these environments contain sensitive customer data).

CI/CD

The process involving the new release implementations uses automated CI/CD pipelines.

Before changes can be deployed and hosted in the Younium cloud infrastructure, all code changes must go through a code review process and QA validation.

DevSecops

In addition to the required code review steps mentioned earlier, additional security scanning tools are included in the CI/CD process to detect vulnerabilities

More information on our support portal or read our client trust plan here. Read our complaints policy here.