TOTVS Fluig English

Árvore de páginas

Você está vendo a versão antiga da página. Ver a versão atual.

Comparar com o atual Ver Histórico da Página

Versão 1 Próxima »

Purpose

To describe the security controls available within the fluig platform and its execution in internal environments (on-premises) and on the cloud.

Cryptography

Data traffic

All communication between fluig and customers is made through HTTPS/TLS – the most popular and reliable protocol available on the market.

Learn more about HTTPS configuration

The customer must provide a valid certificate to be used by the fluig server, e.g. fluig.empresa.com.br.

If the customer does not have a certificate, we suggest using the following address:

3-month HTTPS certificate

PasswordsSensitive user data are written in a manner so that the original content cannot be discovered.
AuthenticationThe Single Sign On (SSO) process occurs via the SAML Protocol, with a certificate generated internally, with no information being exchanged.

Availability and Continuity

Identity Services

on the Cloud

Minimum availability of the fluig Identity environment is 99.5% per month on the production environment.

All monitoring and notifications about the changes to the service status are available at: http://status.fluigidentity.com

Analytics Services

on the Cloud

Minimum availability of the fluig Analytics environment is 99.5% per month on the production environment.
CLOUD Services

Availability and continuity policies change according to the business proposal. Our plans start with 97.5% availability per month.

Check out the specific use and availability values on our proposal.

High availability

On premises

The on-premises customer is responsible for creating an environment that meets their availability and performance needs.

We have recommendations on how a customer should configure their environment to ensure greater availability.

Learn more about how to create high availability fluig environments

We offer support packages to help customers better manage their environment.


Physical Envirolment

Depending on use and contract, the customer can be allocated in the TOTVS NIMBVS or the Amazon data center. Each of these data centers has different characteristics.

NIMBVS Environment

Certifications

    • ISAE 3402 Type II
    • ISO 9001:2008
    • TIER III Data Center
    • Vulnerability management provided by expert consultants
    • 24/7 monitoring and defense against DDOS attacks
    • SIEM
    • Next-Generation Firewall
    • Backup policy as per business proposal
    • Data delivery policy in case of unrecoverable failure in the TOTVS data center as per business proposal
    • Data integrity guarantee as per contract

Location

Data centers are located in São Paulo, Brazil

Amazon Environment

The following certifications are included for fluig Viewer services and for customers allocated on the Amazon cloud:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

More details about certifications on the Amazon environment

Location

Data centers are in the São Paulo Zone, Brazil

Add-on Services Environment

For the platform operation, based on the fog computing concept, some services run on cloud services. For transparency purposes, here are the services and locations.

Identity Environment

Location

Data centers are located in the São Paulo Zone, Brazil, in the Amazon Web Services (AWS)

Analytics Environment

For more information on the architecture and security for the Analytics Services, see the security guide.

Location

Data centers allocated in the United States, in the Rackspace services

Messaging Environment

Location

Data centers allocated in the United States, in the Google Cloud Platform services

fluig Viewer Environment

Location

Data centers are located in the São Paulo Zone, Brazil, in the Amazon Web Services (AWS)

Mobile Environment

Fluig may be accessed via mobile devices through fluig Mobile, available for Android and iPhone/iPad.

Data traffic

Communication between fluig Mobile and the fluig server occurs via a network connection, with all data traffic being sent via HTTP.

For access via cellular data network (3G/4G), fluig must have its address published on the internet. HTTPS may be enabled to provide for greater security, using valid certifications for mobile devices.

If the address is not published on the internet, the mobile device on which fluig Mobile is installed must be connected to a network that allows access to the fluig server.

E.g., Company’s Wi-Fi, VPN connection, etc.

AuthenticationAuthentication is provided by OAuth, a secure authorization protocol that does not store the user and password at login, only the authentication key (token).


Network and application security

Followed recommendationIn most security actions, OWASP recommendations are taken into account.
Vulnerability testing

Third parties perform independent Pentests on a regular basis.

Any vulnerability detected is evaluated according to the impact and probability of the failure, and correction tasks are created for the responsible team.

Pentest last performed: March/2017

Security incidents

In the event of an information leak or detected vulnerability, we allocate our technical professionals to remedy the issue.

To ensure this process, customers are advised to open a ticket reporting the situation.


  • Sem rótulos