MREN Security Practices

Last revised on December 15, 2017
 

Below is a summary of the industry best-practice security features supporting the MREN platform:

1. Opt-in Information Sharing

To ensure complete control of your information, all files and data are protected until affirmative steps are taken by the data owner. MREN’s proprietary permission model allows you to grant multiple levels of access to each file in your system.

2. Information Analytics

Quickly and comprehensively browse snapshots of usage. Search, sort, and filter through activity in your network from an administrative view.

3. Audit Logs

All activity on your account is saved to an audit log. The audit log records user activities including action, location, time, day and more.

4. Granular User Access

Administrators can set access policies to specific Projects, Teams, or files, ensuring that users only interact with specific areas you opt into.

5. Instant Access Revocation

Administrators and information owners are able to revoke access to to files, folders, and entire repositories in 1 step, taking effect immediately.

 

Security Highlights

Our secure infrastructure keeps information safe and always available using techniques employed by the top 10 US banks and Fortune 500 technology companies:

Secure Communication Protocol

MREN takes advantage of the prolific HTTPS standard in order to encrypt traffic over the network in which the application is accessed. HTTPS is employed as a communication protocol with the intent to mitigate the risk of so called man-in-the-middle attacks. That is, information retrieved or submitted to the web application is encrypted in such a way that a malicious attacker spying on the connection could not decipher meaning.

End-to-end Encryption

MREN uses AES 256-bit encryption, support TLS 1.2 for all traffic flowing from site to client, and use RSA Key Exchange Algorithm. This technology is based on the same standards as https/SSL and is considered a standard in the industry. Data is always encrypted at rest.

Authentication Best Practices

MREN employs industry approved password policies. Accounts are always behind password protection and passwords are never stored on MREN’s system. Password modification requires a cryptographic token for authorization.

Personnel Security Procedures

Security is a prime responsibility of MREN and as such all MREN employees receive onboarding as well as ongoing security training. Employees are required to read and sign internal privacy and security policies that protect customers’ information. Additional documentation is available upon request.

Industry Leading Infrastructure – Security and Availability

MREN maintains no physical servers, favoring Microsoft’s state of the art Azure Cloud. By leaning on a trusted name in technology and security, MREN is able to capitalize on the following controls as well as many more:

  • 24 Hour Monitored Hardware Security
  • Continuous Data Backup
  • Geo Redundant File Storage
  • Disaster Recovery
  • US Located Data Centers
  • Load Balancing Servers
  • Managed Firewall and Intrusion Detection
  • Redundant, Uninterrupted Power Supply
  • Single Point of Data Center Access with Iris and Biometric Fingerprint Scans
  • SOC 1, SOC 2, SOC 3, ISO 27001, and PCI Certified Data Center

Failover Policy

To achieve maximum availability, MREN uses 24-hour monitoring of server health. By making use of a distributed infrastructure, failovers can occur seamlessly and new infrastructure can be deployed in minutes.

Data Retention

Transactional logs of all activity are stored redundantly across data centers. Data rollbacks and restorations are tested regularly.