ReqDC as a cloud-based integration platform is built with security and high-availability and as priority. The platform that will provide internally all functionality that is needed for the integration messaging functionality.
Features provided:
- Processing logic: Custom made logic and rules for integration use cases
- Multiple backends: Various systems can be integrated to work together
- Developed for requirements: ReqDC platform gains new features and components based on customer needs
- Two environments: Test and Production environments. They are fully isolated and both are accessible and usable
- Data transformation: Let it be JSON, SOAP, XML, CSV, Plaintext or other formats, we can process it and send it onwards as-is or with additional processing
- Background processing: To avoid network and platform congestion, integration message processing can be delayed and queued
- Synchronicity options: To support multitude use cases, both synchronous and asynchronous processing is supported. See documentation for more information
- App: Graphical user interface for participating developers to test, debug and follow up on the individual implementations
- Availability: Guaranteed 99,95% up-time
- Notifications: Email and SMS notifications can be sent to integration or automation participants as well as end-users.
- Scalable: ReqDC is built on cloud-native technology and scales up as volumes increase
- Backup: Scheduled off-site backups
- ReqDC monitoring: Internal components are constantly monitored and issues notified to system admins
- Backend monitoring: If external integrated backends are unresponsive, monitoring emails can be sent to applicable parties
- Support: Email and phone support is provided during office hours. Disaster support can be provided per-agreement basis.
- Flexible: New technologies and standards can be supported.
- Testing: All integrations built are included as part of automated test suite
- Agile modifications: Heavy modification processes are avoided- instead using continuous and rapid deployment we can answer quickly changing IT world requirements
- Data storage: Internal data storage for integration messaging and parameters
- Encryption: Sensitive values are encrypted in the database for additional security
- Separative architecture: Platform infrastructure has been built with a design that encapsulates different components. This reduces the risk of attacker access in cases of system breach
- GDPR compliancy: Data retention times, deletion and log file cleanup are part of cleanup routines, person registries are saved only on request.
Integration processing is developed by ReqDC developers using the functionalities provided by the platform. Other backend developers can be part of the development process.
Security by design
ReqDC Platform and its API’s and functionalities have been designed with security in mind. Attack vectors have been mitigated by following industry security standards and compliant programming practices.
OWASP Top10 key points have been internally implemented and tested on the platform. More information
Platform components have been hardened by security experts, taking into account attack vectors
Automated testing
As part of continuous development and continuous integration, automated tests are executed at each change. Test coverage is kept high throughout the development cycle.
Library and add-on monitoring
All libraries and add-ons used in development are monitored and checked by our developers. Only trusted and verified 3rd party components are used in platform development and usage.
Encryption
Starting from authorization and authentication to all message delivery, data transfer is encrypted using applicable protocol encryption standards such as TLS1.2. Unencrypted data transfer is not supported by the platform.
Sensitive Data
Sensitive data is processed in accordance to local laws. Customers can define data retention and cleanup intervals from database
Sensitive data, such as customer environment passwords are encrypted. In case the database access is compromised, the attacker can not access secured values in the database as they are separately encrypted. Separately encrypted data is decrypted only inside the software at runtime level, using separately stored keys.
API and UI user passwords as stored as hashes using secure 1-way hashing algorithm.
