Jetveo Security

Application Security

Role-based Access

Jetveo ensures that Jetveo Platform users have access to change and deploy applications. Fine-grained UI security can be configured with programmed claims, including to a granular level for fields, screens, and transactions. Data access can be configured for all data entities. The claims can be associated with the roles. The roles are assigned to users.

Authentication

Access to each application instance can be configured to various authentication specifications, including Jetveo Platform credentials or single sign-on options, like Azure Active Directory and Google.

Upgrades

Upgrades to the Jetveo Platform incorporate the latest security features for all applications. Jetveo announces scheduled maintenance dates and major upgrades via email.

Data Security

Data Isolation

The Jetveo Platform separates each workspace. No app has access to the data of a different workspace.

Certificates

The Jetveo Platform automatically generates certificates for both the application default domain and the custom domain (optional) that are established by the user/client. This activates the HTTPS protocol so the private information will be transmitted without eavesdropping or tampering. The transmission of information between the user device and the Jetveo Cloud is protected using 256-bit TLS encryption.

Infrastructure Security

Jetveo Cloud and Platform

  • Microsoft Azure is the hosting provider. It has SOC 1, SOC 2, SOC 3, and ISO 27001 certifications.
  • Proactive upgrades are made to the operating systems and application servers, with updates and patches, including notification to customers about security-related issues.
  • The option to deploy Jetveo applications on-premises is available. (Add-on Service)

Business Continuity

High Availability

The Jetveo Cloud enables auto-recovery and failover while the user load is balanced over two runtime containers. If a single runtime container were to crash, the other runtime container would automatically take over all user requests while the crashed runtime container is replaced with a new one. Given the stateless architecture, the period of disruption is shortened and end users are not impacted. (Add-on Service)

Backups

Application database backups are done with each release. Jetveo keeps separate backups from the previous day in a special dedicated backup server (SSAE-16/SOC-2 compliant). All of the backups are encrypted both on the Jetveo side and on the side of the backup server. (Add-on Service)

Third-party Escrow Service

Jetveo Platform source code is available via third-party escrow service. (Add-on Service)

Compliance

Data Location and Sovereignty

Jetveo maintains cloud environment data in the Microsoft Azure region that is selected (Germany is the default). This enables the user to maintain compliance with data-residency regulations.

Data Privacy

Jetveo strictly adheres to GDPR.

Coding and Development Standards

Jetveo developers adhere to coding standards in accordance with the Open Web Application Security Project (OWASP).