SECURITY OVERVIEW
Regulators trust Thentia Cloud to manage their security processes and ensure their data is protected
SECURITY A TOP PRIORITY
At Thentia, we know what’s at stake for our clients, which is why we have made security a top priority since our beginning. When partnering with Thentia, clients can have peace of mind that their regulatory data is protected. Informed by industry best practices, we continuously invest in processes that allow us to prevent, identify, and quickly respond to any potential threats.
Interview with Matt Singleton, CISO, State of Oklahoma
Listen to our interview with Matt as he addresses the top concerns of state officials and government regulators when it comes to security.
All client data is safely and securely stored in Google’s Cloud Platform, which is fully compliant with ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, and FedRAMP certifications. Our regional approach ensures that Canadian data stays in Canada, while U.S. data stays in the U.S.
Google data centers feature layered security with industry-leading mechanisms, including custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter.
Downtime can be costly and impede regulators’ ability to do their important work. This is why Thentia Cloud makes it a top priority to consistently maintain or exceed 99.8% uptime, ensuring that clients have constant access to the platform. In the event of a temporary interruption or scheduled maintenance, Thentia Cloud users can visit our Systems Status webpage, where details about all major incidents, scheduled maintenance, service events, and more will be posted. Customers can also subscribe to our Thentia Status page to receive email notifications for scheduled maintenance and other service events.
Thentia Cloud provides full hourly data backups in case data needs to be restored, an especially important feature during high transaction cycles, such as renewal periods. Continuous data backup gives clients peace of mind that their data is retrievable if they, or we, are ever attacked with ransomware or malware. Backup data is securely stored in Google’s Cloud Platform.
Our industry-standard network protection procedures allow us to prevent, detect, and quickly respond to any malicious traffic and network attacks. With our layered approach to security, we employ multiple levels of strong IT defenses that together address potential weaknesses or vulnerabilities of the individual components.
Our procedures include network segregation using VLANs, web application firewall (WAF) technology, intrusion detection and prevention systems, centralized log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor access for authorized systems operations group personnel.
Thentia conducts continuous internal network security audits and scanning to allow us to quickly identify any issues. All operating systems, software, frameworks, and libraries used in Thentia’s infrastructure are updated to the latest versions on a regular basis in accordance with our in-house patch management policy. Whenever a vulnerability is identified, prompt actions are taken to mitigate any potential risks for our clients, which includes applying hotfixes and patches quickly when available and/or implementing proactive mechanisms like configuration of firewalls or IDS/IPS. Thentia’s intrusion detection systems can take actions when malicious activity or abnormal traffic is detected, including blocking traffic sent from suspicious IP addresses.
A robust Application Security process is fully integrated into Thentia’s Software Development Lifecycle (SDLC), including:
Thentia’s industry-leading Vulnerability Management Program utilizes layers of people, processes, and technology to identify and monitor for vulnerabilities in our applications and infrastructure, including:
Vulnerabilities detected during SDLC are remediated before go-live. Vulnerabilities identified in production are tracked by our InfoSec team to assure timely closure.
Each Thentia Cloud user has a unique, password-protected account with a verified email address. The password must meet strong password policies and is stored securely using a strong hashing algorithm with a unique salt for every password. Two-Factor Authentication is available as an additional security measure to protect customer and licensee/user accounts.
Thentia Cloud utilizes automatic session timeouts, an important security control for any application. Users are required to re-authenticate after a specified length of time to prevent unauthorized access.
Thentia Cloud also supports multiple methods of federated authentication, including Google Open ID, Azure, Office 365, ADFS and SAML2, so users can conveniently and securely access a Thentia Cloud account using corporate credentials.
Thentia Cloud account administrators can easily manage and control any individual user’s permissions based on their role and responsibilities. Limiting access to administrator functions is crucial for preventing damage from intruders. Thentia Cloud clients can access logs of both internal and external user activities.
All client data is encrypted automatically by Google, which uses multiple layers of encryption to protect data. Google Cloud uses a FIPS 140-2 validated encryption module (certificate 3318) in its production environment, and all data stored in Google Cloud is encrypted at the storage level using AES-256. Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys (DEKs) are stored with the data, encrypted with (“wrapped” by) key encryption keys (KEKs) that are exclusively stored and used inside Google’s central Key Management Service, which is redundant and globally distributed.
With best-in-class practices for managing security and data protection risk, a strong approach to security is embedded in everything we do. Our InfoSec team has years of experience in financial, retail, manufacturing, and consulting environments ranging in size from startup to enterprise and is constantly improving our security processes over time.
Access to client data is limited to Thentia employees with a job-related need, and all these staff members are required to sign a confidentiality agreement.
Accessing client data is only done when necessary, and only when approved by the client (such as during a request for support), or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality.
We take the protection of users’ Personally Identifiable Information seriously. Consult Thentia’s Privacy Policy for full details on how we use and protect personal data collected in Thentia Cloud.
Thentia is ISO 27001 certified and only uses ISO 27001 vendors when storing, processing, or transmitting customer data.
Thentia is SOC 2 compliant and only uses SOC 2 compliant vendors when storing, processing, or transmitting customer data.
Safeguarding cardholder data is Thentia’s topmost priority. Thentia is PCI-DSS compliant and adheres to the industry’s highest level of standards to ensure sensitive information is protected at all times.


WHAT OUR CLIENTS ARE SAYING
“We were instantly blown away by the product and just how much more sophisticated it was compared to the big giants in the agency licensing cloud software space.”
GRANT CODY, EXECUTIVE DIRECTOR
Oklahoma Real Estate Commission (OREC)
“We’ve ultimately seen a 180-degree improvement from where we were before Thentia Cloud. There genuinely is no comparison. When talking about our experience with Thentia Cloud, we only have wonderful things to say.”
MICHAEL LEAKE, EXECUTIVE DIRECTOR
Oklahoma State Board of Osteopathic Examiners (OSBOE)
“We learned very quickly that Thentia was serious about regulatory licensing. We felt confident that with their support and modern, state-of-the-art solution, they could move us into the future where we needed to be.”
LESLIE HANSKA, EXECUTIVE DIRECTOR
Oklahoma Board of Architects, Landscape Architects and Registered Commercial Interior Designers (OBA)