<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=737602866383909&amp;ev=PageView&amp;noscript=1">

Qorus Platform: Security and Business Continuity

Last Modified: March 19, 2019

  1. Security
    • Secure hosting: Qorus is hosted on Microsoft Azure Cloud infrastructure. Azure applies security mechanisms at different layers of their cloud offering with a defense-in-depth approach. 
Azure -security measures include:
      • Physical security of the data centers (locks, cameras, biometric devices, card readers, alarms)
      • Firewalls, application gateways and IDS to protect the network
      • Access Control Lists (ACLs) applied to virtual local area networks (VLANs) and applications
      • Authentication and authorization of persons or processes that request access to data
      • Hardening of the servers and operating system instances
      • Redundant internal and external DNS infrastructure with restricted write access
      • Securing of virtual machine objects
      • Securing of static and dynamic storage containers
      • Holistic integrated Intrusion detection and prevention and DDoS protection.
    • Extensive Compliance Program - To help organizations comply with national, regional, international and industry-specific requirements governing the collection and use of individuals’ data, Microsoft offers a highly comprehensive set of certifications and attestations. Details on Microsoft Azure compliance program are available at the Microsoft Azure Trust Center website.
    • Authentication- Qorus makes use of the users’ Office 365 credentials (Customer instance of Azure AD) to authorize access to the system. No user credentials are stored by Qorus. Once the user successfully authenticates against his/her Office 365 credentials, an oAuth provider issues tokens to the trusted clients.
    • Protecting customer data - Qorus collect your first and last name, company name, country, state and email address as Personal information. Customer content is stored in their own instance of SharePoint Online. Qorus only access the information via its interface. However, every effort is made to protect the stored information from unauthorized access, using the following security strategies:
      • Separation of duties - A limited number of technical staff have access to the Qorus production environments. All production services account and database access details are only configured in production on a set and forget basis
      • Multifactor authentication – All access to the portals used to manage the production environment are protected using multi factor authentication. Access to these portals is logged and the logs are reviewed on a regular basis.
      • Application firewalling - Qorus make use of state of the art application firewalling to detect anomalies like SQL injection and maliciously malformed requests. Any attempts to bypass security measure are alerted on and reported to Qorus Software’s dedicated technical operations team.
      • Encryption in transit - All client server communication in the solution is encrypted using Transport Layer Security (TLS). Weak cyphers are disabled.
    • Data Security
      • No data is moved out of the datacenters unless specifically instructed by the client. All databases are retained in the datacenter region and are not moved off site.
  1. High Availability
    • Azure built-in fault tolerance for High Availability.
      • App Services - Qorus is deployed on Azure App services which make use of built-in Azure fault tolerance and load balancing to ensure high availability.
      • Fault and Update domains - All Qorus components are distributed across multiple Azure Fault and Update domains. This ensures that any single point of failure can be mitigated so that it does not cause downtime. It also allows Azure the ability to regularly patch and update the underlying infrastructure without causing any significant impact.
    • Real time monitoring and Alerting.
      • Qorus technical staff make use of several different monitoring and alerting systems including Application Insights for Azure. The solution is configured to generate constant feedback on performance of the Qorus solution as well as anomalies and potential issues. Qorus Software has a dedicated team of support specialists who receive and interrogate these alerts to proactively manage the solution in the most effective and efficient way possible.
  1. Disaster Recovery
    • Failover Datacenters - Azure datacenters are configured in regions with at least 2 datacenters in each region.
    • Geo-replication - Qorus make use of Azure Geo-replication which enables rapid recovery from a catastrophic datacenter failure. Data is replicated in real time between the primary and DR Datacenters.


  1. Scalability
    • Application scaling - Microsoft Azure give Qorus the ability to automatically bring additional instances of the solution online as demand increases. This expansion is transparent to the customer and does not require downtime.
    • Scale-Out - The solution is architected in such a manner to allow the Web and Application tier to be scaled out automatically based on predefined performance metrics. Local read-through caching and durable queues are some of the technologies used to enable this rapid expansion.
    • Scale-Up - Database performance can be scaled up via Azure SQL Scaling. This technology allows Qorus to rapidly increase the resources available for all client.