SECURITY OVERVIEW

Regulators trust Thentia Cloud to manage their security processes and ensure their data is protected

SECURITY A TOP PRIORITY

The security and resources required to protect regulators

At Thentia, we know what’s at stake for our clients, which is why we have made security a top priority since our beginning. When partnering with Thentia, clients can have peace of mind that their regulatory data is protected. Informed by industry best practices, we continuously invest in processes that allow us to prevent, identify, and quickly respond to any potential threats.

Interview with Matt Singleton, CISO, State of Oklahoma

Listen to our interview with Matt as he addresses the top concerns of state officials and government regulators when it comes to security.

Physical Security
Secure Data Storage in Google’s Cloud Platform

All client data is safely and securely stored in Google’s Cloud Platform, which is fully compliant with ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, and FedRAMP certifications. Our regional approach ensures that Canadian data stays in Canada, while U.S. data stays in the U.S.

Google data centers feature layered security with industry-leading mechanisms, including custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter.

Uptime Over 99.8%

Downtime can be costly and impede regulators’ ability to do their important work. This is why Thentia Cloud makes it a top priority to consistently maintain or exceed 99.8% uptime, ensuring that clients have constant access to the platform. In the event of a temporary interruption or scheduled maintenance, Thentia Cloud users can visit our Systems Status webpage, where details about all major incidents, scheduled maintenance, service events, and more will be posted. Customers can also subscribe to our Thentia Status page to receive email notifications for scheduled maintenance and other service events.

Continuous Data Backup

Thentia Cloud provides full hourly data backups in case data needs to be restored, an especially important feature during high transaction cycles, such as renewal periods. Continuous data backup gives clients peace of mind that their data is retrievable if they, or we, are ever attacked with ransomware or malware. Backup data is securely stored in Google’s Cloud Platform.

Network & Systems Security
Robust Network Security Infrastructure

Our industry-standard network protection procedures allow us to prevent, detect, and quickly respond to any malicious traffic and network attacks. With our layered approach to security, we employ multiple levels of strong IT defenses that together address potential weaknesses or vulnerabilities of the individual components. Our procedures include network segregation using VLANs, web application firewall (WAF) technology, intrusion detection and prevention systems, centralized log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor access for authorized systems operations group personnel.

Regular Updates and Patch Management

Thentia conducts continuous internal network security audits and scanning to allow us to quickly identify any issues. All operating systems, software, frameworks, and libraries used in Thentia’s infrastructure are updated to the latest versions on a regular basis in accordance with our in-house patch management policy. Whenever a vulnerability is identified, prompt action is taken to mitigate any potential risks for our clients, which includes applying hotfixes and patches quickly when available and/or implementing proactive mechanisms such as firewall or IDS/IPS configuration. Thentia’s intrusion detection systems can take action when malicious activity or abnormal traffic is detected, including blocking traffic sent from suspicious IP addresses.

Application Security
Application Security Process

A robust Application Security process is fully integrated into Thentia’s Software Development Lifecycle (SDLC), including: 

  • In-house security requirements, policies, and industry security best practices applied in every stage of the lifecycle. 
  • Continuous security review of architectures and features. 
  • Iterative manual and automated source code review (using static code analyzers) for security weaknesses, vulnerabilities, and code quality, plus development team advisory and guidance. 
  • Per-release dynamic scanning of the pre-production environment.
  • Security training provided for IT and development teams.

Vulnerability Management and Ethical Hacking

Thentia’s industry-leading Vulnerability Management Program utilizes layers of people, processes, and technology to identify and monitor for vulnerabilities in our applications and infrastructure, including: 

  • Static Application Security Testing (SAST): Run during development and continuously monitored to detect OSS package issues. 
  • Dynamic Application Security Testing (DAST): Run during the QA stage of the SDLC.
  • Vulnerability and Configuration Monitoring: Run during server deploy and weekly to ensure auto-patching technologies are delivering on their Service Level Agreements (SLA) (weekly patching of at least Critical/High).

Vulnerabilities detected during the SDLC are remediated before go-live. Vulnerabilities identified in production are tracked by our InfoSec team to ensure timely closure.

User Authentication

Each Thentia Cloud user has a unique, password-protected account with a verified email address. The password must meet strong password policies and is stored securely using a strong hashing algorithm with a unique salt for every password. Two-Factor Authentication is available as an additional security measure to protect customer and licensee/user accounts. Thentia Cloud utilizes automatic session timeouts, an important security control for any application: users are required to re-authenticate after a specified length of time to prevent unauthorized access. Thentia Cloud also supports multiple methods of federated authentication, including Google Open ID, Azure, Office 365, ADFS and SAML2, so that users can conveniently and securely access a Thentia Cloud account using their corporate credentials.

Data Sharing and Role-Based Access Control

Thentia Cloud account administrators can easily manage and control any individual user’s permissions based on their role and responsibilities. Limiting access to administrator functions is crucial for preventing damage from intruders.

Monitoring User Activities

Thentia Cloud clients can access logs of both internal and external user activities.

Data Encryption

All client data is encrypted automatically by Google, which uses multiple layers of encryption to protect data. Google Cloud uses a FIPS 140-2 validated encryption module (certificate 3318) in its production environment, and all data stored in Google Cloud is encrypted at the storage level using AES256. Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys (DEKs) are stored with the data, encrypted with (“wrapped” by) key encryption keys (KEKs) that are exclusively stored and used inside Google’s central Key Management Service, which is redundant and globally distributed.

People
Processes

With best-in-class practices for managing security and data protection risk, a strong approach to security is embedded in everything we do. Our InfoSec team has years of experience in financial, retail, manufacturing, and consulting environments ranging in size from startup to enterprise and is constantly improving our security processes over time.

Need-to-Know and Least Privilege

Access to client data is limited to Thentia employees with a job-related need, and all these staff members are required to sign a confidentiality agreement. Accessing client data is only done when necessary, and only when approved by the client (such as during a request for support), or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality.

Privacy

We take the protection of users’ Personally Identifiable Information seriously. Consult Thentia’s Privacy Policy for full details on how we use and protect personal data collected in Thentia Cloud.

Compliance
ISO 27001 Compliance

Thentia uses only ISO 27001 certified vendors when storing, processing, or transmitting customer data. Thentia is working to achieve ISO 27001 certification for our own Information Security Program in early 2022.

Type 2 SOC2 Compliance

Thentia uses only Type 2 SOC2 compliant vendors when storing, processing, or transmitting customer data. Thentia is working to achieve SOC2 Type 1 & 2 for our Information Technology and Customer Service program in early 2022.

WHAT OUR CLIENTS ARE SAYING

“We were instantly blown away by the product and just how much more sophisticated it was compared to the big giants in the agency licensing cloud software space.”

GRANT CODY, EXECUTIVE DIRECTOR

Oklahoma Real Estate Commission (OREC)

“We’ve ultimately seen a 180-degree improvement from where we were before Thentia Cloud. There genuinely is no comparison. When talking about our experience with Thentia Cloud, we only have wonderful things to say.”

MICHAEL LEAKE, EXECUTIVE DIRECTOR

Oklahoma State Board of Osteopathic Examiners (OSBOE)

“We learned very quickly that Thentia was serious about regulatory licensing. We felt confident that with their support and modern, state-of-the-art solution, they could move us into the future where we needed to be.”

LESLIE HANSKA, EXECUTIVE DIRECTOR

Oklahoma Board of Architects, Landscape Architects and Registered Commercial Interior Designers (OBA)
