
Intranet cloud security

Ensure your intranet is always secure

Your security is important to us

At Interact, the security of our customers' intranets, and the data that resides within them, is of utmost importance to us. We use the latest technology and processes to ensure your intranet is secure.

Application Security

Security Training

Every 12 months our engineering and support departments participate in secure code training.

QA

Dedicated security engineers who are part of our QA and Architecture departments perform reviews and test our code base for security vulnerabilities.

Isolated Environments

Development, testing and staging environments are separated physically and logically from the production environment. Customer data is never used in our development, testing or staging environments.

Security Frameworks

We use .NET security framework controls to limit exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injection (SQLi), and many others.

Static Code Analysis

Our source code is regularly scanned for security issues and automatically refactored to best practices.

Penetration Testing

In addition to our internal security testing, we partner with NCC to perform extensive penetration tests across the application.

Vulnerability Scanning

Our internal security team performs regular vulnerability scanning of the application and infrastructure.

Software Security Features

Authentication Options

Interact supports multiple authentication options including Local Directory (usernames and passwords are stored within Interact) and SAML 2.0 SSO (e.g. ADFS, Okta, OneLogin).

SSO

Single Sign On (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials. Interact shall only grant access to users that have been authenticated by you.

Secure Credential Storage

Product Security Features

Access Control

Access to data within Interact is governed by access rights. Access privileges can be configured and managed through the use of memberships and can be used to define granular access rights.

IP Restrictions

An administrator can configure Interact to allow access from specific IP address ranges.

Content Moderation & Approval

Interact's fine-grained permission structure allows administrators to control who can author content within varied Content Areas and Categories. Interact can be configured in such a way that users must request approval before publishing their content.

Auto Logout

Interact can be configured to automatically log users out after a period of inactivity.

Auditing

Creation and modification of data stored within Interact are recorded along with access logs for future auditing.

Exclusion by Default

Upon creating new entities (e.g. Content Areas, Teams, Homepages) or enabling new features, users are excluded by default. This limits human error and mistakes by requiring the creating owner to specify who can access the entity and its contained content.

Encryption

At Rest

Interact encrypts customer data at rest using AES-256.

In Transit

Data transferred between Interact and you is encrypted using HTTPS and TLS.

Employee Security

Background Checks

Interact performs an extensive background check on all employees, including a five-year employment history, address history and education verification.

Criminal Record Check

Employees with authorized access to production environments are required to undergo a criminal record check. UK employees are subject to the Disclosure Scotland process, while US employees are subject to a seven-year historical search of the County Criminal Courthouse Records.

NDA

All employees are required to sign Non-Disclosure and Confidentiality agreements.

Compliance

SOC 2 Type II

Interact Cloud infrastructure is designed and managed in alignment with security best practices and a variety of IT security standards including SOC1, SOC2 and SOC3.

HIPAA

Interact is able to provide HIPAA compliant hosting and can make its Business Associate Agreement (BAA) available for execution by subscribers.

*HIPAA compliant hosting is not available on all plans and is only available upon request.

ISO 27001

Interact Cloud infrastructure is designed and managed in alignment with security best practices including ISO 27001.

Security Management

Framework

Interact has an established information security management framework describing the purpose, principles, and basic rules for how we maintain trust. We regularly review and update security policies, provide security training, perform application and network security testing (including penetration testing), monitor compliance with security policies, and conduct internal and external risk assessments.

Training

Interact employees attend Security Awareness Training at least once every 12 months. Our Security Team provides security awareness updates and refreshers throughout the year to various teams and departments.

Policies

Interact has developed a comprehensive set of security policies which are made available to all employees. Policies are enforced through a blend of training, events and auditing.

Infrastructure Security

Location

Interact has multiple territories where information can be domiciled, including the EU, Australia and the USA, with multiple instances of Interact in each geo-location. Each territory has distinct local legal requirements and interconnectivity agreements in place which ensure that your content inherits the benefits of its host country. Customers can choose to locate their data in the EU only, the US only, or Australia only. Data always resides within its provisioned geo-location (EU and the USA) and cannot be transferred outside of its allocated area.

Monitoring

Interact and AWS (our hosting provider) utilize a wide variety of automated monitoring systems to provide a high level of service performance and availability. Monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. The tools have the ability to set custom performance metrics thresholds for unusual activity.

Physical Security

AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Architecture

Interact is designed with multiple layers of protection, covering data transfer, encryption, network configuration, and application level control, all distributed across a scalable secure infrastructure.

Intrusion Detection

Intrusion Detection Systems (IDS) are deployed throughout the Interact infrastructure. The systems are configured to identify malware infections, attacks, system compromises, policy violations and other exposures.

Logical Access

Access to the Interact production network is restricted to a small number of employees and is frequently monitored and audited.

Security Policies

Information Security Policy

Policies that cover customer and Interact information include: device security, authentication requirements, acceptable usage of resources, data storage requirements, security access and issue handling.

Physical Security Policy

Guidelines detailing how we maintain a safe and secure environment for people and property at Interact.

Change Management Policy

Policy for code review and for managing security-impacting changes made by Interact developers to source code, system configuration and production releases.

Incident Response Policy

Guidelines for responding to potential security incidents, including assessment, communication and investigation procedures.

Physical production access

Our procedures for restricting access to the physical production infrastructure, including management review of employees.

Support Policy

Access policies for our Service Desk on viewing, providing support or taking action with customer data.
