All ingress ports, whether on internal or external interfaces, are protected by security groups, which are automatically configured by Paxata’s system configuration tool. Customer/public facing ingress ports are: TCP 80/443.
Paxata utilizes jump hosts for SSH access to production infrastructure and all production admins are access-controlled using multi-factor authentication.
The production accounts use strict IAM roles and only key employees with a verified business need receive administrative access.
We do not allow any customer-requested security scanning agents to be installed in our production SaaS environment. Paxata leverages an on-demand cloud computing platform to perform vulnerability scans against the environment. Penetration testing of Paxata is executed by a qualified third-party assessor and the results are integrated into the development workflow based on priority. Upon request, we can schedule vulnerability scans of our SaaS offering and coordinate the request with our cloud computing platform service.
Paxata utilizes TLS and HTTPS to encrypt the data when in transit. Paxata stores the data in an encrypted format when it is at rest to prevent access by unauthorized parties.
Native Paxata accounts (defined as accounts that are not using LDAP or SAML) adhere to the following password requirements: the password must contain at least one number, one lowercase letter, one uppercase letter and one special character (!@#$%^&*+=), and at least 8 characters.
Paxata does not enforce account lockout policies or have any account lockout policy management capabilities for Native accounts.
For SAML authentication, the account policies and password requirements configured with the customer's SAML Identity Provider are enforced.
Production service accounts cannot be used for logins by any admin or user. The account is strictly used only to startup and run the Paxata application. The account does not have any access to customer data or permissions within Paxata.
Operating System security patches are applied to our Production SaaS environment after a security threat assessment/review. Careful testing is performed prior to applying any security updates so as to not compromise the integrity of our application/services. Application security updates to our SaaS offering are applied as soon as a fix is available.