CLOUD SECURITY AND PRIVACY
Protecting both personal and business data of MARMIND users is a main concern for UPPER Network GmbH as the provider and operator of the MARMIND cloud software. Therefore, UPPER Network uses Microsoft Azure as the cloud platform for MARMIND as it meets the highest security standards.
UPPER Network takes all possible technical safeguards against unauthorized access to both personal data of MARMIND users as well as all data stored and managed per account. This includes measures for preventing access, copying, changing, deleting, re-use, distribution, transmission, manipulation, or disclosure of information by unauthorized third parties.
How do you generally prevent access to information?
- MARMIND uses HTTPS-encrypted access at all times.
- Microsoft Azure guarantees state-of-the-art security measures (firewalls, encryption, etc.) that prevent unauthorized use, reuse, distribution, transmission, manipulation, copying, modification, access, or disclosure of data.
- For protection against online threats, UPPER Network uses Microsoft Azure antimalware cloud services. Microsoft also uses attack detection, prevention of DDoS attacks (Denial of Service), regular penetration testing, data analysis, and machine learning tools in order to support the prevention of threats to the Azure platform.
- As part of their duty to protect customer data, Microsoft Azure meets the world’s first standard for data protection in the cloud: ISO/IEC 27018.
- Data security is managed by Microsoft, and UPPER Network’s IT staff is Microsoft-certified.
How do you prevent access to the backend systems?
- Access to the Microsoft Azure cloud infrastructure is restricted to UPPER Network employees only (no third-party or external users have access).
- MARMIND itself has no administrator roles that allow access to the MARMIND backend systems (cloud infrastructure services, databases, etc.).
- Access (log events) on the Azure infrastructure is monitored and access reports can always be generated.
- More information on the Microsoft Azure Data Center and access security can be found here.
What methods or tools are used for system monitoring?
- Monitoring of the cloud infrastructure, servers, and databases is performed by Azure monitoring on the management user interface.
- In addition, Nagios monitoring is used for detailed monitoring of server activity.
- Further, application-specific monitoring and logging for MARMIND cloud services were developed to monitor access to the API interfaces, error handling, user activities, performance, and other important system KPIs.
- The MARMIND application automatically generates log files with important and relevant information for possible debugging (operations, events, exceptions, errors, etc.).
- When examining incidents, the accuracy and amount of logged data can be changed to facilitate troubleshooting (only accessible and performed by UPPER Network’s IT staff).
Can customers access logfiles?
- No, the log files are created and stored within the protected area of the Azure infrastructure.
- Access to log files by unauthorized external persons is denied.
- MARMIND does not provide an optional administrator role that could be unlocked for temporary access to backend or monitoring data.
- If necessary, log files can be generated and provided to customers with approval by UPPER Network.
Do your servers use public keys?
- All MARMIND web servers managed by UPPER Network exclusively use SSL certificates that have been issued by Trusted Certification Authorities.
What methods to improve data security are in place?
- Microsoft conducts regular penetration tests to improve Azure security controls and processes.
- User or administrative access is always encrypted (HTTPS or VPN).
- Local firewalls are active on all Azure servers used to operate MARMIND.
- Inactive sessions are terminated automatically after a certain period of time.
- More information on Azure security best practices can be found here.
How is the security of the cloud infrastructure ensured in the future?
- Microsoft continuously improves the security standards of its cloud solution.
- Microsoft is constantly increasing the number of compliance certifications.
Where is data stored?
- MARMIND data and backups are stored on multiple, physically separate, secure locations within Germany (backup data using encryption keys).
- Live data (user and account-related data) of MARMIND users is stored in Microsoft Azure data centers in Germany.
How is the backup data stored?
- Backup data is stored using exclusive server encryption keys on a secure Azure data center infrastructure.
- All data backups are encrypted and stored in a separate location.
- More information on the Azure Network Security
Who owns the data in the cloud?
- Microsoft Azure ensures that all MARMIND data stored in the cloud remains solely under the control of UPPER Network. This applies to all data, including text, audio, video, or image files and software by UPPER Network or MARMIND customers.
- Neither Microsoft nor UPPER Network uses user and customer data entered and managed in MARMIND for advertising purposes or for data mining, nor is information derived from it for such purposes without the consent of the customer.
ACCESS TO DATA
Who can access the data in the cloud?
- Personal and account-related data: Individual users authorized by the customer.
- Back-end systems: Only authorized UPPER Network IT staff.
- Access to customer data by third parties or companies without the consent of the customer is restricted.
- Microsoft engineers have no access to MARMIND user data without explicit permission from UPPER Network.
- Personal data of users are only accessible to UPPER Network staff who need to have access to this information in order to carry out their duties properly and to offer you the best MARMIND services and products possible.
- For non-members of MARMIND, your profile is unavailable.
- MARMIND is not searched by external search engines, meaning that your profile and your data are not accessible.
How can MARMIND data be accessed by users?
- MARMIND supports popular web browsers in the latest version (IE11+, Chrome, Firefox, Safari) for access via desktop or mobile devices.
- MARMIND data transfer is always encrypted using HTTPS.
- There is also a mobile app for the most important MARMIND features available for Google Android and Apple iOS devices.
- Security and compatibility with the latest version of different web browsers are guaranteed by regular MARMIND updates.
How does MARMIND authentication work?
- Access to MARMIND is password protected.
- To register for MARMIND, an email address and a password including a minimum of 8 characters are required (no automatic password generation).
- User authentication takes place via OAuth 2.0, which provides secure API authorization for desktop, web, and mobile applications.
- Depending on the user role and associated privileges, access to account-related data per MARMIND account and user can be restricted.
- Cross-domain identity management is currently unavailable.
Can other cloud users access my data?
- MARMIND provides no administrative roles for customers to access MARMIND data from foreign accounts.
- MARMIND gives authorized users the option to invite other users to their own accounts and to share customer-related data with them.
- However, these rights may be withdrawn at any time (access can be removed in the user administration panel).
How is my data separated from other customer data?
- MARMIND manages user and customer data in databases and services within Microsoft Azure’s protected cloud infrastructure.
- Unauthorized access to MARMIND user and customer data is restricted by a multilevel security concept within the application.
- Access to customer data must be expressly made available to other MARMIND users.
Example: To access a document belonging to a marketing project in a company account, a new user must:
- Register as a user in MARMIND
- Be invited to the company account (“Network”)
- Be added to a project context (“Team”)
- Receive access (“Visible to”) to the document
- Secure communication is guaranteed using secure industry standards (SSL).
How is data access monitored and managed?
- Data access to MARMIND servers, databases, and services is monitored using system monitoring and access logging.
- More information about security can be found here.
Which UPPER Network employees have access to MARMIND systems?
- Physical access to Azure datacenters: None. Only authorized Microsoft personnel have access.
- Access to Azure Backend: UPPER Network IT system administrators
- Access to Azure Services: UPPER Network IT system administrators, UPPER Network MARMIND Support Team
- Access to MARMIND: UPPER Network MARMIND Support Team
What happens with the data after the contract ends?
- UPPER Network deletes user- or customer-specific data after the end of the contract period. The data will no longer be available for further use.
- Customers can either back up their data or request a copy of their data prior to deletion.
- Data transmitted to third parties by users may persist as they belong to the account of the third party.
- Microsoft strictly adheres to international standards and procedures for the supervised deletion of data, securely erases data on cloud storage before reuse, and decommissions (destroys) defective hardware containing customer data under supervision and in compliance with the highest safety standards.
What happens if government or law enforcement authorities request data?
- If a government requests customer data, it must comply with the applicable legal process and submit a court order or summons to Microsoft.
- If Microsoft is required to disclose customer data, UPPER Network and the customer will be informed immediately and receive a copy unless legally prohibited.
- Microsoft does not offer direct access to customer data unless legally compelled to do so, and always makes sure that only the data specified in the legal order is provided.
- UPPER Network will also comply with the applicable legal process and court orders in such cases.
- More information can be found here.
How is data availability guaranteed?
- Access and the utilization of infrastructure services are monitored continuously through system monitoring on multiple levels and through log files (Web Access, System Access, Manage Azure, Access Database).
- Using Microsoft Azure provides maximum data availability and guaranteed system reliability.
How is general loss of data avoided?
- Azure uses redundant storage
- Regular data backups
- Daily database backups
- Regular system backups
How does data exchange with external systems work?
- Data exchange with connected external systems (for example, MailChimp©) is done through a RESTful API interface, which is also used to exchange data with the web browser client or mobile client.
How is secure data exchange guaranteed?
- All communication by MARMIND is done through HTTPS encryption.
DATA SECURITY PLAN
Is there a data security plan?
- UPPER Network follows a continuous information security plan with defined security rules and procedures to ensure the security of data and systems.
- Basic data security of the Azure cloud infrastructure is ensured by Microsoft.
- UPPER Network IT staff is Microsoft-certified.
- MARMIND is tested regularly based on possible unauthorized attack scenarios by UPPER Network (for example, cross-site scripting etc.). Azure platform security is regularly reviewed and guaranteed by Microsoft.
What about the software development process in general?
- MARMIND is continuously developed by UPPER Network and constantly updated.
- The development is based on agile software development methods according to SCRUM and Kanban including continuous unit and integration tests.
- UPPER Network’s software development lifecycle management employs an agile change management process including quality assurance and multilevel QA phases.
- Extensions are tested according to high QA standards on stage systems before their live release and must meet the requirements of the MARMIND security architecture concept.
- Releases of new features are carried out by SPRINT iterations including security and quality management.
- Any major bugs or blockers are addressed and resolved immediately, regardless of development planning (separate emergency lane).
- Unit and integration tests are carried out continuously and supplemented by periodic tests.
- UPPER Network thus ensures that errors are minimized, and possible security gaps are eliminated by extensions.
- Necessary security updates of the systems (servers, databases) and the application (services) are carried out in a timely manner and independently of the actual software development of UPPER Network.
How are possible security incidents discovered and documented?
- Access to the application and to Azure infrastructure and services is continuously monitored.
- Unauthorized access is monitored on various levels and documented (Web Access, System Access, Manage Azure, Access Database).
- Customers will be directly informed about security incidents and system failures.
What happens in the event of a security breach?
- Access to the MARMIND or Azure cloud infrastructure is blocked.
- Data is backed up or, in case of data loss, restored to the last consistent state.
- Customers will be directly informed about security incidents and system failures.
Are standardized security audits and assessments performed?
- Since MARMIND is completely hosted on the Microsoft Azure cloud infrastructure, ongoing security audits are carried out by Microsoft and third parties.
- For an overview of Azure compliance certifications, see https://www.microsoft.com/en-us/TrustCenter/Compliance/default.aspx and https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-home?view=o365-worldwide.
Can a customer initiate a security audit?
- Yes, but please be aware that all forms of penetration testing and scanning against Microsoft Azure have to be requested and approved in advance.
What can I do if I suspect a security breach or unauthorized access to my data?
- If you suspect unauthorized access to your account, please contact us immediately via email at firstname.lastname@example.org.
- The more information we get regarding an incident, the faster and better we can act, work on it, and solve it.
- If you want to request information about the data you stored in MARMIND, please contact our support staff.
Who is the responsible entity for the data protection act?
- For the security of data managed within MARMIND, UPPER Network GmbH, Seering 5/4, 8141 Premstätten, Austria, is responsible.
- As the provider and operator of MARMIND, UPPER Network GmbH always makes the greatest effort to protect customer data from unauthorized access, loss, misuse, or destruction.
- UPPER Network, however, assumes no responsibility for information made accessible to third parties by users themselves, be it by inviting external persons as new users in their own account or by sharing information with external people (e.g. sending data via e-mail to third parties, publishing documents or other media assets through the “Share” function, etc.).
If you have questions or suggestions regarding data protection, please send us an email at email@example.com.