Are you ready to MobiWork?

Security is paramount

MobiWork is built with security and data protection as a top priority: Our clients rely on MobiWork for their day-to-day operations and most of the information manipulated is vital to their business.

 

MobiWork security measures and credentials far exceed what most companies can provide or put in place. MobiWork also continuously invests considerable time, energy and resources in security and data protection to meet the growing demands and challenges of security.

 

In addition to its internal tests and assessments, MobiWork regularly undergoes external security and vulnerability validations and certifications by the most reputable and recognized security companies.

Data encryption

MobiWork uses industry-leading standard SSL to encrypt all data in transit. This includes all communications between the mobile devices (smartphones, tablets, rugged devices...) and the cloud based platform as well as all communications between the cloud based platform and browsers or 3rd party solutions (e.g. accounting software...).

 

MobiWork uses the strongest SSL encryption available on the market (AES 256-bit encryption, 2048-bit key size encrypted with SHA-2) to ensure maximum protection.

 

MobiWork also encrypts all sensitive data at rest (e.g. all passwords are one-way encoded using the robust BCrypt hash) in its internal databases and MobiWork also offers the option (at an additional cost) to encrypt all data at rest stored on its cloud based data storage (Amazon S3).

 

Access control and permissions

MobiWork supports traditional user authentication as well as more sophisticated authentication options such as single sign-on integration (e.g. you can log in to your MobiWork account with your QuickBooks credentials using OAuth) or federation with corporate directories to reduce administrative overhead and improve end user experience.

 

MobiWork has an extensive access control and permissions framework that gives you full control over the information and actions a user has access to, on the web or mobile application.

 

MobiWork lets you define templates so that overall policies can be defined once and applied to multiple users at the same time (e.g. specific policy for all the field employees).

 

MobiWork has built-in monitoring and logging features to keep track of what is happening including alert notifications of suspicious events or activity (e.g. unauthorized resource access, invalid page requested...).

 

Hosting infrastructure

MobiWork uses the Amazon AWS infrastructure for its cloud based production platforms:

MobiWork uses the latest and most stringent firewall rules to protect and monitor unauthorized attempts to access the platform. In addition, any internal access to the platform can only be done from specific locations, using encrypted communications and individual user profiles for history and audit trail.

Managed DNS

MobiWork uses the Dyn solution to manage its Domain Name System (DNS). Dyn has a global anycast network which has 18 points of presence (PoPs) worldwide. Queries for our domains (e.g. "www.mobiwork.com") are automatically routed to a nearby DNS server using anycast in order to provide the lowest latency possible.

 

This low latency helps ensure a consistent ability to route end users to MobiWork but it also makes it very easy and almost instantaneous to propagate any DNS changes (e.g. to point to a different production platform for fault-tolerance or traffic management) worldwide.

High availability and fault tolerance

MobiWork production platforms are fully redundant and mirrored (including real-time replication) across multiple data centers to provide high availability, redundancy and fault tolerance against natural disasters or system failures.

 

MobiWork takes advantage of the Amazon AWS multiple regions and availability zones for its data centers. Each availability zone is designed as an independent failure zone, which means that they are physically separated within a typical metropolitan region and are each fed via different grids from independent utilities. Availability zones are also all redundantly connected to multiple tier-1 transit providers.

Data replication and backups

MobiWork performs real-time replication to disk at each data center so that all data is securely duplicated in a completely independent environment.

 

In addition, all data is backed up on a daily basis. The corresponding data is securely transmitted and stored in a completely independent environment. All the archives are kept until they are securely destroyed when retired. Please consult our data privacy page for more details.

Performance and availability monitoring

MobiWork is constantly monitoring the availability and performance of the service. This proactive monitoring is performed 24h/7d from 3 different physical locations worldwide (US, France, Australia) to keep track of the overall platform availability and its overall performance under normal load.

 

MobiWork uses automated tools that regularly perform specific queries that involve all the main components of the MobiWork solutions. The tools measure the overall response time and verify the actual response content to ensure the solution is fully functional. If any discrepancy is detected (e.g. longer than expected response time), the tools automatically generate alarms for immediate investigation and troubleshooting by the MobiWork support team.

 

If desired, MobiWork can also provide guaranteed Service Level Agreement (SLA) at an additional cost. Please feel free to contact us for details.

Vulnerabilities and security monitoring

MobiWork closely follows the latest vulnerabilities and security issues that are reported by:

 

MobiWork makes sure that all its software components and servers are updated continuously with the latest patches and software updates to protect against the latest threats and security vulnerabilities.

 

MobiWork also instrumented its solution to identify any intrusion, unauthorized use of resources as well as suspicious activity.

Continuous static code analysis

MobiWork continuously performs advanced and automated static code analysis to:

  • Analyze and measure the technical quality of the source code
  • Track the introduction of new bugs, vulnerabilities, and "code smells"

Any bugs and security vulnerabilities are immediately identified and reported so that they can be addressed by the development team before the code is even released.

 

MobiWork has integrated the SonarQube platform in its continuous integration platform so that the source code analysis is automatically performed as part of every single build. MobiWork also configured multiple plug-ins to scrutinize all Java and JavaScript source code for bugs and security problems such as SQL injection, cross-site scripting, OWASP Top 10, CWE/SANS Top 25, buffer overflows, unvalidated user input, usage of uninitialized data, concurrency violations, dereferencing NULL pointers, infinite loops, unreachable code, resource management...

Veracode security static scan

In addition to its internal tests and assessments, MobiWork regularly undergoes external security and vulnerability validations and audits performed by independent third parties such as Veracode.

 

Veracode has been recognized by Gartner as a leader in the Application Security Testing quadrant for 3 years in a row. Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes's 100 Most Valuable Brands.

 

MobiWork performed a complete and rigorous security static scan on the Veracode platform, further demonstrating its commitment and compliance with enterprise security policies.

Cigital dynamic application security testing

Cigital is one of the world's largest application security firms and has been helping companies to identify, remediate, and prevent vulnerabilities for over 20 years.

 

Cigital Dynamic Application Security Testing (DAST) uses penetration and black-box testing to identify security vulnerabilities while an application is running. As part of its certification and integration with the Intuit QuickBooks solution, MobiWork has successfully undergone the Cigital DAST for the past three years.

Black Duck open source security audit

MobiWork embraces open source and has incorporated several open source components in its solutions.

 

To ensure that those components are not affected by known security vulnerabilities and that they comply with MobiWork's stringent security requirements, MobiWork uses Black Duck Software to perform an open source security assessment.

 

Black Duck performs a complete open source and third-party code audit and provides a comprehensive list of security, legal, and operational risks associated with the corresponding components and possible remediation.
