POWERED BY MICROSOFT’S TRUSTED AZURE CLOUD
SLASCONE is a native Microsoft Azure application that can be installed and deployed either using your own/existing Azure subscription or a SLASCONE GmbH Azure subscription (SaaS). In both cases, the same protection and compliance standards apply.
SECURITY
Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure. SLASCONE abides to all security best practices.
Read more in the Azure Security Center.
COMPLIANCE
Take advantage of more than 90 compliance certifications, including over 50 specific to global regions and countries, such as the US, the European Union, Germany, Japan, the United Kingdom, India, and China.
Explore Azure compliance offerings in the Azure Compliance Hub.
HOW WE SECURE WORKLOADS
Infrastructure
SLASCONE runs in datacenters managed and operated by Microsoft. These geographically dispersed datacenters comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability.
HTTPS/TLS
The SLASCONE API is accessible only via HTTPS. All HTTPS connections require TLS 1.2 or higher.
Data
SLASCONE application data is stored in Azure SQL Database. SQL Database protects customer data and provides strong security features.
Data Encryption
All transmitted and saved data are encrypted.
Identity Provider
SLASCONE uses Azure AD B2C, a leading identity provider, for authentication and user management. Azure AD B2C provides state-of-the-art security features, such as password policies and MFA.
Entra ID (Azure AD)
You can use your existing Entra ID as a federated identity provider.
Digital Signing
SLASCONE uses the RSASHA256 algorithm in order to simultaneously verify both the data integrity and the authenticity, of every API response.
Azure WAF
We use Azure Web Application Firewall which is a cloud-native service that protects web apps from common web-hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting.
HR
All SLASCONE employees with data access go through a formal, role-based, security awareness training program for cloud-related access and data management issues.
