Data Center Physical Security
Facilities
Entera uses Cloud computing services for data center hosting. Google-owned and operated EMEA data centers are certified as ISO 50001:2018 compliant after undergoing an audit by an independent third-party auditor.
Learn more about Cloud Computing Services | Google Cloud
Data centers
Google data centers feature 6-layer security with custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. They are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter.
Learn more about The 6 Layers of Google GCP Data Center Security
In-house security service
Entera has a dedicated and enthusiastic security and operations team that responds to security alerts and events.
Third-party penetration tests
Third-party penetration tests are conducted for the application and supporting infrastructure at least once a year. Any findings from the tests are tracked until they are corrected.
Threat detection
Entera uses Google Cloud's threat detection services to continuously monitor for malicious and unauthorized activity.
Learn more about Google Event Threat Detection
Vulnerability scanning
We regularly conduct internal scans of infrastructure and applications for vulnerabilities. When issues are identified, they are tracked until they are fixed.
Protection against DoS attacks
Entera uses a number of DDoS attack protection strategies and tools to mitigate DDoS attack threats. We use Google Cloud Armor, which has built-in protection against DDoS attacks, as well as our own application-specific mitigation tools and techniques.
Learn more about Google Cloud Armor
Access control
Access is restricted according to the least-privilege model: employees receive only the access required to do their jobs. This is subject to frequent internal audits as well as technical enforcement and monitoring to ensure compliance.
In transit
Communication with Entera is encrypted using TLS 1 or higher over public networks. We follow community testing and research in this area and continue to implement best practices for encryption implementation and TLS configuration.
At rest
Entera data is encrypted when stored using standard AES-256 encryption. By default, we encrypt at the asset or object level.
Availability and continuity
Uptime
Entera is deployed in a public cloud infrastructure. Services are deployed in multiple availability zones to ensure availability and are configured to scale dynamically in response to measured and expected load. Simulated load tests and API response time tests are included in our release and testing cycle.
Disaster recovery
In the event of a major region outage, Entera has the ability to deploy our application to a new hosting region. Our disaster recovery plan ensures service availability and easy recovery in the event of such a disaster. This plan is regularly tested and reviewed for areas of improvement or automation. The disaster recovery deployment is managed by the same configuration and release management processes as our production environment, ensuring that all configurations and security controls are properly applied.
Quality assurance
Entera's quality assurance team reviews and tests the code base. The security team has the resources to investigate and recommend remediation of security vulnerabilities in the code. The QA team is provided with regular synchronization, training, and security resources.
Environmental segregation
Test, middleware and production environments are segregated from each other. No customer data is used in any non-production environment.
Security awareness
Entera has a robust security awareness training program that is delivered to new hires within 30 days of hire and annually to all employees. In addition, we provide quarterly specialist training to key departments, including secure coding, data legislation, and compliance obligations.
Information security program
Entera has a comprehensive set of information security policies covering a range of topics. These are distributed to all employees and contractors, and validation is tracked against key policies such as the Acceptable Use Policy and the Information Security Policy.
Access control
Access to systems and network devices is based on a documented, approved request process. Two-factor authentication is required for logical access to platform servers and management systems. Periodic verification is performed to determine that the user ID holder is still active and assigned to the appropriate role. Access is further restricted by system permissions using a least-privilege methodology, and a documented business need is required for all permissions. Exceptions identified during the verification process are corrected. Business needs are rechecked quarterly to determine that access is commensurate with users' job responsibilities. Exceptions identified during the re-verification process are corrected. User access is revoked upon termination or change of position.
Vendor management
Entera understands the risks associated with the mismanagement of suppliers. We assess and monitor the supplier onboarding process and steps for all our suppliers prior to engagement to ensure that their security meets the appropriate standards. If they do not meet our requirements, we do not move forward with them. Selected suppliers are then continuously monitored and reassessed in light of relevant changes.
Responsible disclosure
At Entera, we consider the security of our systems a top priority, and we believe that working with a skilled security research community helps improve our security posture.