Jetveo ensures that Jetveo Platform users have access to change and deploy applications. Fine-grained UI security can be configured with programmed claims, including to a granular level for fields, screens, and transactions. Data access can be configured for all data entities. The claims can be associated with the roles. The roles are assigned to users.
Access to each application instance can be configured to various authentication specifications, including Jetveo Platform credentials or single sign-on options, like Azure Active Directory and Google.
Upgrades to the Jetveo Platform incorporate the latest security features for all applications. Jetveo announces scheduled maintenance dates and major upgrades via email.
The Jetveo Platform separates each workspace. No app has access to the data of a different workspace.
The Jetveo Platform automatically generates certificates for both the application default domain and the custom domain (optional) that are established by the user/client. This activates the HTTPS protocol so the private information will be transmitted without eavesdropping or tampering. The transmission of information between the user device and the Jetveo Cloud is protected using 256-bit TLS encryption.
Jetveo Cloud and Platform
- Microsoft Azure is the hosting provider. It has SOC 1, SOC 2, SOC 3, and ISO 27001 certifications.
- Proactive upgrades are made to the operating systems and application servers, with updates and patches, including notification to customers about security-related issues.
- The option to deploy Jetveo applications on-premises is available. (Add-on Service)
The Jetveo Cloud enables auto-recovery and failover while the user load is balanced over two runtime containers. If a single runtime container were to crash, the other runtime container would automatically take over all user requests while the crashed runtime container is replaced with a new one. Given the stateless architecture, the period of disruption is shortened and end users are not impacted. (Add-on Service)
Application database backups are done with each release. Jetveo keeps separate backups from the previous day in a special dedicated backup server (SSAE-16/SOC-2 compliant). All of the backups are encrypted both on the Jetveo side and on the side of the backup server. (Add-on Service)
Third-party Escrow Service
Jetveo Platform source code is available via third-party escrow service. (Add-on Service)
Data Location and Sovereignty
Jetveo maintains cloud environment data in the Microsoft Azure region that is selected (Germany is the default). This enables the user to maintain compliance with data-residency regulations.
Jetveo strictly adheres to GDPR.
Coding and Development Standards
Jetveo developers adhere to coding standards in accordance with the Open Web Application Security Project (OWASP).