Purpose
To describe the security controls available within the TOTVS Fluig Platform and its execution in internal environments (on-premises) and on the cloud.
Cryptography
Data traffic | All communication between TOTVS Fluig Platform and customers is made through HTTPS/TLS – the most popular and reliable protocol available on the market. Learn more about HTTPS configuration. The customer must provide a valid certificate to be used by the server, e.g. fluig.empresa.com.br. If the customer does not have a certificate, we suggest using the following address: |
---|---|
Passwords | Sensitive user data is stored in such a way that the original content cannot be discovered. |
Authentication | The Single Sign On (SSO) process occurs via the SAML Protocol, with a certificate generated internally, with no information being exchanged. |
Availability and Continuity
Identity Services on the Cloud | Minimum availability of the TOTVS Identity environment is 99.5% per month on the production environment. All monitoring and notifications about the changes to the service status are available at: http://status.fluigidentity.com |
---|---|
Analytics Services on the Cloud | Minimum availability of the Analytics environment is 99.5% per month on the production environment. |
CLOUD Services | Availability and continuity policies change according to the business proposal. Our plans start with 97.5% availability per month. Check out the specific use and availability values on our proposal. |
High availability On-premises | The on-premises customer is responsible for creating an environment that meets their availability and performance needs. We have recommendations on how a customer should configure their environment to ensure greater availability. Learn more about how to create high availability environments. We offer support packages to help customers better manage their environment. |
Physical Environment
Depending on use and contract, the customer can be allocated in the TOTVS NIMBVS or the Amazon data center. Each of these data centers has different characteristics.
NIMBVS Environment | Certifications:
Location: Data centers are located in São Paulo, Brazil |
---|---|
Amazon Environment | The following certifications are included for Fluig Viewer services and for customers allocated on the Amazon cloud:
More details about certifications on the Amazon environment. Location: Data centers are in the São Paulo Zone, Brazil |
Add-on Services Environment
For the platform operation, based on the fog computing concept, some services run on cloud services. For transparency purposes, here are the services and locations.
Identity Environment | Location: Data centers are located in the São Paulo Zone, Brazil, in the Amazon Web Services (AWS) |
---|---|
Analytics Environment | For more information on the architecture and security for the Analytics Services, see the security guide. Location: Data centers allocated in the United States, in the Rackspace services |
Fluig Viewer Environment | Location: Data centers are located in the São Paulo Zone, Brazil, in the Amazon Web Services (AWS) |
Integration with External Systems
TOTVS Fluig Platform can be integrated with various systems in different scenarios. For security reasons, we recommend checking all integrations available.
Legacy systems | One of fluig’s most used features when creating projects is the integration with the systems that the company already has, whether for query or processing purposes.
Supported REST authentications:
|
---|---|
Mandatory components | On-Premises - License Server
|
Optional components | Microsoft Active Directory or OpenLDAP: A directory service can be used for user authentication. Both the platform and TOTVS Identity have connections and, in TOTVS Identity’s case, SmartSync is used to make this communication even more secure. SMTP - E-mailing: We use the SMTP protocol with SSL or TLS to send notification e-mails. PUSH Notifications: Both the Google® and Apple® infrastructures are used for notifying mobile application users: small messages with no business critical data are sent by the technology partner UrbanAirship, centralizing all messages sent to customers. |
Mobile Environment
TOTVS Fluig Platform may be accessed via mobile devices through Fluig Mobile, available for Android and iPhone/iPad.
Data traffic | Communication between Fluig Mobile and the fluig server occurs via a network connection, with all data traffic being sent via HTTP. For access via cellular data network (3G/4G), fluig must have its address published on the internet. HTTPS may be enabled to provide for greater security, using valid certificates for mobile devices. If the address is not published on the internet, the mobile device on which Fluig Mobile is installed must be connected to a network that allows access to the fluig server, e.g., the company’s Wi-Fi, a VPN connection, etc. |
---|---|
Authentication | Authentication is provided by OAuth, a secure authorization protocol that does not store the user and password at login, only the authentication key (token). |
Network and application security
Recommendations followed | In most security actions, OWASP recommendations are taken into account. |
---|---|
Vulnerability testing | Third parties perform independent Pentests on a regular basis. Any vulnerability detected is evaluated according to the impact and probability of the failure, and correction tasks are created for the responsible team. Pentest last performed: March/2017 |
Security incidents | In the event of an information leak or detected vulnerability, we allocate our technical professionals to remedy the issue. To ensure this process, customers are advised to open a ticket reporting the situation. |