MREN Security Practices
Below is a summary of the industry best-practice security features supporting the MREN platform:
1. Opt-in Information Sharing
To ensure complete control of your information, all files and data are protected until affirmative steps are taken by the data owner. MREN’s proprietary permission model allows you to grant multiple levels of access to each file in your system.
2. Information Analytics
Quickly and comprehensively browse snapshots of usage. Search, sort, and filter through activity in your network from an administrative view.
3. Audit Logs
All activity on your account is saved to an audit log. The audit log records user activities including action, location, time, day and more.
4. Granular User Access
Administrators can set access policies to specific Projects, Teams, or files, ensuring that users only interact with specific areas you opt into.
5. Instant Access Revocation
Administrators and information owners are able to revoke access to to files, folders, and entire repositories in 1 step, taking effect immediately.
Security Highlights
Secure Communication Protocol
MREN takes advantage of the prolific HTTPS standard in order to encrypt traffic over the network in which the application is accessed. HTTPS is employed as a communication protocol with the intent to mitigate the risk of so called man-in-the-middle attacks. That is, information retrieved or submitted to the web application is encrypted in such a way that a malicious attacker spying on the connection could not decipher meaning.
End-to-end Encryption
MREN uses AES 256-bit encryption, support TLS 1.2 for all traffic flowing from site to client, and use RSA Key Exchange Algorithm. This technology is based on the same standards as https/SSL and is considered a standard in the industry. Data is always encrypted at rest.
Authentication Best Practices
MREN employs industry approved password policies. Accounts are always behind password protection and passwords are never stored on MREN’s system. Password modification requires a cryptographic token for authorization.
Personnel Security Procedures
Security is a prime responsibility of MREN and as such all MREN employees receive onboarding as well as ongoing security training. Employees are required to read and sign internal privacy and security policies that protect customers’ information. Additional documentation is available upon request.
Industry Leading Infrastructure – Security and Availability
MREN maintains no physical servers, favoring Microsoft’s state of the art Azure Cloud. By leaning on a trusted name in technology and security, MREN is able to capitalize on the following controls as well as many more:
- 24 Hour Monitored Hardware Security
- Continuous Data Backup
- Geo Redundant File Storage
- Disaster Recovery
- US Located Data Centers
- Load Balancing Servers
- Managed Firewall and Intrusion Detection
- Redundant, Uninterrupted Power Supply
- Single Point of Data Center Access with Iris and Biometric Fingerprint Scans
- SOC 1, SOC 2, SOC 3, ISO 27001, and PCI Certified Data Center
Failover Policy
To achieve maximum availability, MREN uses 24-hour monitoring of server health. By making use of a distributed infrastructure, failovers can occur seamlessly and new infrastructure can be deployed in minutes.
Data Retention
Transactional logs of all activity are stored redundantly across data centers. Data rollbacks and restorations are tested regularly.