Enterprise Grade Protection

Cloud Security

Data Center Physical Security
Facilities
Entera uses Cloud computing services for data center hosting. Google-owned & operated EMEA data centers are certified as ISO 50001:2018 compliant after undergoing an audit by an independent third-party auditor. Learn more about Cloud Computing Services | Google Cloud

Data centers
Google data centers feature 6-layer security with custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. They are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter. Learn more about The 6 Layers of Google GCP Data Center Security

Network Security

In-house security service
Entera has a dedicated and enthusiastic security and operations team that responds to security alerts and events.

Third-party penetration tests
Third-party penetration tests are conducted for the application and supporting infrastructure at least once a year. Any results from the tests are monitored until corrected.

Threat detection
Entera uses Google Cloud's threat detection services to continuously monitor for malicious and unauthorized activity. Learn more about Google Event Threat Detection

Vulnerability scanning
We regularly conduct internal scans of infrastructure and applications for vulnerabilities. When issues are identified, they are monitored until they are fixed.

Protection against DoS attacks
Entera uses a number of DDoS attack protection strategies and tools to mitigate DDoS attack threats. We use Google Cloud Armor, with its built-in protection against DDoS attacks, as well as our own application-specific mitigation tools and techniques. Learn more about Google Cloud Armor

Access control
Access is restricted according to the minimum privilege model required for our employees to do their jobs. This is subject to frequent internal audits as well as technical enforcement and monitoring to ensure compliance.

Encryption

In Transit
Communication with Entera is encrypted using TLS 1 or higher over public networks. We follow community testing and research in this area and continue to implement best practices in terms of encryption implementation and TLS configuration.

At rest
Entera data is encrypted when stored using standard AES-256 encryption. By default, we encrypt at the asset or object level.


Availability and continuity

Uptime
Entera is deployed in a public cloud infrastructure. Services are deployed in multiple availability zones to ensure availability and are configured to scale dynamically in response to measured and expected load. Simulated load tests and API response time tests are included in our release and testing cycle.

Disaster recovery
In the event of a major region outage, Entera has the ability to deploy our application to a new hosting region. Our disaster recovery plan ensures service availability and easy recovery in the event of such a disaster. This plan is regularly tested and reviewed for areas of improvement or automation.
The disaster recovery deployment is managed by the same configuration and release management processes as our production environment, ensuring that all configurations and security controls are properly applied.

Application security

Quality assurance
Entera's quality assurance team reviews and tests the code base. The security team has the resources to investigate and recommend remediation of security vulnerabilities in the code. The QA team is provided with regular synchronization, training, and security resources.

Environmental segregation
Test, middleware and production environments are segregated from each other. No customer data is used in any non-production environment.

Personnel Security

Security awareness
Entera has a robust security awareness training program that is conducted within 30 days of hire for new employees and annually for all employees. In addition, we provide quarterly specialist training to key departments, including secure coding, data legislation, and compliance obligations.

Information security program
Entera has a comprehensive set of information security policies covering a range of topics. These are distributed to all employees and contractors, and validation is tracked against key policies such as the Acceptable Use Policy and the Information Security Policy.

Access control
Access to systems and network devices is based on a documented, approved request process. Two-factor authentication is required for logical access to platform servers and management systems. Periodic verification is performed to determine that the user ID holder is still operational and assigned to the appropriate role. Access is further restricted by system permissions using a minimum privilege methodology, and a documented business requirement is required for all permissions. Exceptions identified during the verification process are corrected. Business needs are rechecked quarterly to determine that access is commensurate with users' job responsibilities. Exceptions identified during the re-verification process are corrected. User access is revoked upon termination or change of position.

Data Privacy

Vendor Management
Entera understands the risks associated with the mismanagement of suppliers. We assess and monitor the supplier onboarding process and steps for all our suppliers prior to engagement to ensure that their security meets the appropriate standards. If they do not meet our requirements, we do not move forward with them. Selected suppliers are then continuously monitored and reassessed against the relevant changes.

Responsible Disclosure
At Entera, we consider the security of our systems a top priority and Entera believes that working with a skilled security research community helps improve our security posture.

If you have any questions, please contact us at team@entera.global.