Adeptia Connect provides a secure, end-to-end encrypted environment for the data that is transferred and exchanged between a company and its partners. Adeptia has multiple features that keep the data secure from implementation until the transaction is complete. This further ensures that all the data transacted through Adeptia is secured and does not move out.
...
The severity assigned to each vulnerability was calculated using the NIST 800-30 r1 standard. This standard determines the risk posed by the application based on the likelihood that an attacker exploits the vulnerability and the impact that exploitation has on the business.
Likelihood
The difficulty of exploiting the described security vulnerability takes into account the required skill level and the amount of access necessary to reach the element susceptible to the vulnerability. The difficulty is rated with the following values:
- Critical: An attacker is almost certain to initiate the threat event.
- High: An untrained user could exploit the vulnerability or the vulnerability is very obvious and easily accessible.
- Medium: The vulnerability requires some hacking knowledge or access is restricted in some way.
- Low: Exploiting the vulnerability requires application access, significant time, resources, or a specialized skill set.
- Minimal: Adversaries are highly unlikely to leverage the vulnerability.
Impact
The impact the vulnerability would have on the organization if it is exploited successfully is rated with the following values:
...
- Cigital Inc.
- Intuit Inc.
- Salesforce Inc.
- Amazon AWS
- SAP
- BigCommerce
- BambooHR
Certain Adeptia Connect Connectors use certificates to ensure security when transmitting data across a communication protocol. Connectors such as FTPS, SFTP, HTTPS, and many others require certificates to encrypt data and channels and to verify the digital signature of the application sending the data. The Certificate Component can use an existing key obtained from a certificate authority such as VeriSign or a key generated by Adeptia.
Logical separation of Objects
Adeptia Connect follows these guidelines to logically separate objects.
- One company's objects cannot be accessed by any other company
- Every object tagged with Company ID
- Data store schema design
- Code/logic enforces access by Company ID
- Encrypted Databases and Storage
User Authentication
Adeptia Connect follows these guidelines to provide secure authentication for user access.
- Users are added through invitation only
- User monitoring by the admin
- Strict password policies
  - Strong password enforced
  - Password retries are limited
  - Password expiry option available
- Users can be deactivated before deleting
- Separate environments for separate departments to segment users
Role-Based Security
Adeptia Connect follows these guidelines to provide Role-Based Security.
- Admin – IT Users
- Manage access
- Monitor User activity
- User Control
- Governance
- Admin can give access to business users
- Admin controls what connectors are available
- Admin has complete authority to revoke access
Authorized Access
Adeptia Connect follows these guidelines for User Authorization.
...
- Admin has the ability to grant and revoke access.
Data Security
It is important to note that at no point during the Connection configuration or run-time process does Adeptia Connect store the data. Adeptia Connect is engineered to optimize interoperability of applications and facilitate your integration processes without saving your data in our data center, unless specifically configured to do so.
No data is stored on Adeptia, and the local copy of the data is deleted automatically when the data transfer is completed. Even when a temporary local copy of business data is stored on the hard drive, Adeptia supports encryption-at-rest to ensure that the data is encrypted.
...