Secure hosting: Qorus is hosted on Microsoft Azure Cloud infrastructure. Azure applies security mechanisms at different layers of their cloud offering with a defence-in-depth approach. Azure -security measures include:
Physical security of the data centers (locks, cameras, biometric devices, card readers, alarms)
Firewalls, application gateways and IDS to protect the network
Access Control Lists (ACLs) applied to virtual local area networks (VLANs) and applications
Authentication and authorization of persons or processes that request access to data
Hardening of the servers and operating system instances
Redundant internal and external DNS infrastructure with restricted write access
Securing of virtual machine objects
Securing of static and dynamic storage containers
Holistic integrated Intrusion detection and prevention and DDoS protection.
Extensive Compliance Program - To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft offers a highly comprehensive set of certifications and attestations. Details on Microsoft Azure compliance program are available at the Microsoft Azure Trust Center website.
Protecting customer data - Qorus does not store any Personal, Financial or Health information, however every effort is made to protect the stored information from unauthorised access, using the following security strategies.
Separation of duties- A limited number of technical staff have access to the Qorus production environments. All production services account and database access details are only configured in production on a set and forget basis. Where necessary, encryption keys and system passwords are securely backed up on to physical media and locked away in a fire proof safe at Qorus Software.
Multifactor authentication – All access to the portals used to manage the production environment are protected using multi factor authentication. Access to these portals is logged and the logs are reviewed on a regular basis.
Application firewalling - Qorus make use of state of the art application firewalling to detect anomalies like SQL injection and maliciously malformed requests. Any attempts to bypass security measure are alerted on and reported to Qorus Softwares’ dedicated technical operations team.
Encryption in transit - All client server communication in the solution is encrypted using Transport Layer Security (TLS). Weak cyphers are disabled and Forward Secrecy is enabled wherever possible.
Tenant segregation - Each customer has their own separate database. Access to these databases is managed via tokens presented to the solution from the customer’s authentication session. These tokens are continuously verified for authorization before access is granted to any databases.
Data movement and media management - No data is moved out of the datacenters unless specifically instructed by the client. All database backups are retained in the datacenter region and are not moved off site.
Azure built in fault tolerance for High Availability.
App Services - Qorus is deployed on Azure App services which make use of built-in Azure fault tolerance and load balancing to ensure high availability.
Fault and Update domains - All Qorus components are distributed across multiple Azure Fault and Update domains. This ensures that any single point of failure can be mitigated so that it does not cause downtime. It also allows Azure the ability to regularly patch and update the underlying infrastructure without causing any significant impact.
Real time monitoring and Alerting.
Qorus technical staff make use of several different monitoring and alerting systems including Visual Studio App Insights for Azure. The solution is configured to generate constant feedback on performance of the Qorus solution as well as anomalies and potential issues. Qorus Software has a dedicated team of support specialists who receive and interrogate these alerts to proactively manage the solution in the most effective and efficient way possible.
Failover Datacenters - Azure datacenters are configured in regions with at least 2 datacenters in each region.
Geo-replication - Qorus make use of Azure Geo-replication which enables rapid recovery from a catastrophic datacenter failure. Data is replicated in real time between the primary and DR Datacenters.
Application scaling - Microsoft Azure give Qorus the ability to automatically bring additional instances of the solution online as demand increases. This expansion is transparent to the customer and does not require downtime.
Scale-Out - The solution is architected in such a manner to allow the Web and Application tier to be scaled out automatically based on predefined performance metrics. Local read-through caching and durable queues are some of the technologies used to enable this rapid expansion.
Scale-Up - Database performance is scaled up using Azure elastic database pools. This technology allows Qorus to rapidly increase the resources available for all client databases instantly without any downtime.