Security Whitepaper - YSoft SAFEQ Cloud | Page 21

SECURITY WHITEPAPER

Customer Data Protection

CONFIDENTIAL INFORMATION
Confidentiality of customer data is a prerequisite and the top priority for any business implementing a cloud-based print management application. The architecture of YSoft SAFEQ Cloud and the technical and organizational measures and controls implemented by Y Soft ensure that the confidentiality of customer data is maintained at the level matching fully on-premises alternatives.
LOGICAL TENANT SEPARATION
Y Soft provides a highly scalable, multi-tenant SaaS solution. The Y Soft user interface and APIs (Application Programming Interfaces) restrict access to authorized content exclusively. Y Soft logically segments the data using portal IDs and associates that unique ID with all data and objects specific to a customer. Information is made available via the user interface or APIs to be produced for a specific Y Soft portal, without the risk of cross-portal access or data pollution.
Authorization rules are incorporated into the design architecture and validated on a continuous basis. Additionally, we log application authentication and associated changes, as well as application availability.
ENCRYPTION IN-TRANSIT AND AT-REST
All sensitive interactions with Y Soft products, including API calls and authenticated sessions, are encrypted in transit using TLS version 1.3 and 2,048-bit keys or better. This ensures that data transmitted between clients and servers remains secure and protected from interception or tampering.
To further safeguard data, YSoft leverages multiple technologies to ensure that stored data is encrypted at rest. Platform data is stored using AES-256 encryption, a robust and widely accepted standard for data security. User passwords are hashed according to industry best practices and are also encrypted at rest, providing an additional layer of security.
For gateways, including the OMNI Bridge, we employ a 256-bit encryption key and the AES-GCM encryption method to encrypt job data. This method provides both confidentiality and integrity of the data. An encryption key is generated for each account and is rotated according to the account's configuration, ensuring that encryption remains strong and up-to-date. This encryption mechanism is specifically applied to data at rest, ensuring comprehensive protection for all stored data.
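As an added illustration of the gateway scheme described above (a per-account 256-bit AES-GCM key that is rotated), the following Go sketch is not Y Soft code. The `KeyRing` type, the `must` helper and the one-byte key-version header are assumptions, chosen so that job data sealed before a rotation can still be opened afterwards.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyRing (hypothetical) holds one account's key versions; index = version.
type KeyRing []cipher.AEAD

func must[T any](v T, err error) T { // RNG or cipher setup failure is fatal
	if err != nil {
		panic(err)
	}
	return v
}

// Rotate adds a fresh random 256-bit key; older versions stay so old data opens.
func (r *KeyRing) Rotate() {
	key := make([]byte, 32)
	must(rand.Read(key))
	*r = append(*r, must(cipher.NewGCM(must(aes.NewCipher(key)))))
}

// Seal encrypts under the newest key: version(1) || nonce(12) || ciphertext+tag.
func (r KeyRing) Seal(job []byte) []byte {
	hdr := make([]byte, 13)
	hdr[0] = byte(len(r) - 1) // needs one Rotate first; 1 byte = 256 versions
	must(rand.Read(hdr[1:]))
	return r[hdr[0]].Seal(hdr, hdr[1:], job, nil)
}

// Open picks the key named in the header; GCM rejects any modified blob.
func (r KeyRing) Open(blob []byte) ([]byte, error) {
	if len(blob) < 13 || int(blob[0]) >= len(r) {
		return nil, fmt.Errorf("short blob or unknown key version")
	}
	return r[blob[0]].Open(nil, blob[1:13], blob[13:], nil)
}

func main() {
	var r KeyRing
	r.Rotate()
	blob := r.Seal([]byte("job data")) // constructed sample job
	r.Rotate()                         // version 0 is kept
	pt, err := r.Open(blob)
	fmt.Printf("%q %v\n", pt, err)
}
```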
Additionally, certain email features are designed with an extra level of both at-rest and in-transit encryption, enhancing the overall security posture of Y Soft products. These measures collectively ensure that sensitive information is consistently protected across all facets of data handling and storage.
KEY MANAGEMENT
Encryption keys for both in-transit and at-rest encryption are securely managed by the Y Soft platform. TLS private keys for in-transit encryption are managed through our content delivery partner. Volume and field-level encryption keys for at-rest encryption are stored in a hardened Key Management System (KMS). Keys are rotated at a frequency that is dependent upon the sensitivity of the data they are encrypting.