NYMA Platform SaaS Safety

NYMA Emergency Basic is offered as a Software as a Service (SaaS). This particular software consists of the application and the database hosted by Microsoft Azure Cloud.

Concerning security, the key factors which make software – offered in a SaaS model – secure are the following:

  • Availability
  • Confidentiality
  • Integrity

Starting from Availability it should be noted that the availability of servers hosting the database and the application is guaranteed by Microsoft itself at a rate of 99,95% per month.

About Confidentiality, NYMA Emergency Basic is designed in a way that:

  • Controls access to relevant pages. The only users that can interact with it are the registered ones. Every registered user is obliged to have a ‘strong’ password. For NYMA Emergency Basic, ‘strong’ password is a password which has at least 8 letters, including both capital and small, at least one special character and at least one number. This code is stored encrypted in the database.
  • Client to server communication is encrypted. This is accomplished with the use of SSL Certificates, which are also offered by Microsoft. In case the customer does not wish to use the azurewebsites.net domain and wants to rent exclusively his own domain, then he has to buy new SSL Certificates that, however,  at security level will work the same way as in the azurewebsites.net domain.
  • Communication between database and application is achieved through a role-based policy, providing each ‘role’ with the appropriate access rights to the database. For example, the NYMA Emergency Basic user can only perform the read and write operations in the database specified for use by its application.
  • In the following months, we are going to take care of the tables found in the database used by the NYMA Emergency Basic application in order to be encrypted using one of the algorithms, 3-DES, RSA or AES.

Finally, system-level Integrity is ensured by Microsoft (SLA). At an application level, it is ensured by the fact that every registered user has specific rights to actions that concern the operation of software.