Security & Data Privacy
Alfresco in the cloud gives you enterprise-level security and compliance all the way to your end users’ devices, while still maintaining the simplicity and ease of access your users need.
Secured content on devices
Alfresco in the cloud’s encrypted data storage protects content stored for offline use and prevents unauthorized access to the stored content on lost or stolen devices. As a paid customer of Alfresco in the cloud, all your mobile devices are covered.
Even more security enhancements to ensure content is safe and secure on any device, such as Mobile Device Management (MDM), will be introduced soon.
Alfresco provides 256-bit SSL encryption to prevent interception of data in transit between Alfresco in the cloud and end user devices and browsers.
Alfresco in the cloud is protected by multiple levels of firewall. These are of different designs and from different manufacturers. This provides a solid basis for network security.
All users must authenticate themselves using a password, or OAuth 2.0 for third-party applications accessing our APIs. Paid customers can also choose from options, such as integration with their Active Directory using SAML Single Sign On, to provide compliant authentication for all their users using their existing security credentials.
Access to the service is audited by our security infrastructure to help identify security breaches if they occur. Basic auditing of activity is also provided, with more advanced auditing functionality for administrators planned.
Permissions & Roles
Content in Alfresco is secured using granular permissions and role-based security to ensure authenticated users only access the content they’re authorized to.
Users can hide folders or files from specific users, or provide read-only access to certain content. All files and folders can have individual permissions set allowing for precise granular control of content.
Alfresco in the cloud’s security model clearly differentiates between users who belong to your organization and those who don’t, making it easy for administrators to control external access to content shared from their organization.
The service also allows a network to choose administrators who can control network settings and manage users. It takes just 2 clicks to remove users from a network. It’s really easy for organizations to control access to their network as users join and leave.
Alfresco provides 99.99% durability and 99.99% availability for all data stored, by taking advantage of Amazon Simple Storage Service (S3) technology. Alfresco takes extra measures to protect data against loss by replicating the encrypted content to another data center within Amazon Web Services.
In addition, standard and enterprise networks use 256-bit AES encryption to store all content at rest.
Redundant Offsite Backup
Alfresco in the cloud can maintain a 99.9% SLA with limited downtime or data loss in even the most extreme failure of the service, by replicating your data to another offsite data center. This ensures Alfresco never loses your data and provides redundancy across the service if a region is unavailable.
Alfresco in the cloud is provided by Alfresco Software Limited - a UK company that complies with EU data protection standards.
Alfresco in the cloud utilizes Amazon Web Services for data storage and Amazon is certified for SafeHarbor. The Safe Harbor framework is a program that provides a way for US companies to show that they adequately protect personal data according to EU standards. Any transfers of personal data that take place while using Alfresco in the cloud are permitted under the European Commission's Directive on Data Protection.
Further information about the Safe Harbor program is available on the U.S. Department of Commerce's Website.
SOC2 & ISAE 3000
Alfresco in the cloud is now independently reported to the SOC2 and ISEA 3000 Type II standards. SOC2 is an attestation report in accordance with the trust principles defined by the AICPA. The SOC2 report demonstrates Alfresco's security stance and is available upon request.
The Alfresco cloud is scanned for security vulnerabilities each and every day by market leader McAfee using their McAfee Secure service. This allows for rapid detection and rectification of security anomalies the moment they arise. Compliance with the programme allows us to display this logo.
All payment card handling is performed by Alfresco partner, Recurly. Recurly is PCI DSS compliant.
All Alfresco cloud services are hosted in the Amazon AWS cloud. This benefits Alfresco customers by leveraging Amazon's own compliance certifications which apply to the infrastructure used. A list of compliances is here https://aws.amazon.com/compliance.
Compliance and certifications are constantly under review at Alfresco. When new ones emerge or take increased market importance, you can be sure Alfresco will rapidly become compliant.