We are open about our security controls and policies, so if you’d like to know more, please let us know.
When designing and implementing our software we use the following principles:
- Privacy by design
- Security by design
- Defense in depth
The software must adhere to principles such as least privilege and need to know. We do this in such a way that we are able to remain user friendly and affordable.
Policies & certifications
Skopos is not ISO 27001 certified; we have started the process. At Skopos we adopt policies from ISO 27001, NEN7510, NIST (US National Institute of Standards and Technology), Cyber Essentials Standard, Framework Secure Software (Secure Software Alliance), OWASP Secure Coding Practices and NCSC Guidance.
Skopos can be split up into (1) agents running on endpoints, (2) the link between agents and the Skopos engine and (3) the Skopos databases.
Skopos agents run on the Windows, macOS, iOS, Android and Linux platforms.
In case of Linux we use a system user, which is the best way to run services. Humans can’t use these (password-less) users, unless they have the right sudo privileges. For Windows we run under the system account, as many services do. The reason for that is that we enumerate (among other things, but those can be done with lower privileges) installed Windows patches and updates. This can only be done by querying the Windows management system, and Windows requires higher privileges to do that. On macOS the agent runs under the privileges of the user that installed the software.
We are aware that every control mitigates risk, but also carries other risk. The same goes for the Skopos Agent. Therefore we keep the agent logic as simple and dumb as possible. The logic and heavy processing is done on the central system.
All data traveling from the endpoint until it reaches the Skopos matching engine is encrypted. The agent and server use asymmetric encryption to communicate.
Of course, our software is never done and there is always room for improvement (which is true about every software product). We like to think critically about what we are doing and where we need to go. If you notice anything that we can improve, we’d like to hear it. We will investigate and put it on our backlog.
Data is stored at Microsoft Azure in Amsterdam and on request can be hosted in a geographical location of choice. Data is subject to the highest security standards. The Azure data center is ISO27001 and NEN7510 certified. The database storage is encrypted using common SQL Server techniques.
Access to the data is strictly regulated. Only DB admins have access to the production database using a separated. The database is protected by a firewall and advanced security techniques provided by Azure. We do extensive audit logging within the application and for administrative tasks. Changes to important tables are automatically logged in audit tables using database triggers. The database is backed up every hour, week and month. Backups are kept for at least two weeks; monthly backups are kept for at least half a year.
For administering the application, a few functional administrators have access to the admin portal, using a separate login and forced two factor authentication. The administrative portal doesn’t have access to client data, only the settings and general client information (like subscription type, etc.) to perform general administrative tasks. The audit logs can be checked from the admin portal.
Within the Skopos portal we have supervisor / support accounts (separate usernames and passwords and mandatory two factor authentication). Those accounts can access a subset of clients to provide support in case of need.
We require passwords for accounts, preferably a minimum of 50 characters, randomly generated. Passwords need to be kept strictly personal and are only allowed to be stored in validated and approved password managers. The strong preference for two factor authentication is using FIDO2 devices (for example YubiKeys or Solokeys). Any storage device we use for any type of work for Skopos needs to be encrypted.
Passwords for Skopos accounts are stored using Argon2 V1.3. Passwords are either chosen by the user or generated randomly. We will never be able to retrieve your password (we will never ask for it either).
Separation of development and production
Of course we have a strict separation of development, test and production environments. No production will be using either in development and test. The environments are physically separated and accounts used to access a certain environment can never be used to access another.
More information can be found on our support portal.