Security at Tryane
The security of our solutions is of paramount importance at Tryane.
Tryane uses a software development cycle in accordance with the general Agile principles and integrates security in all development steps. This strategy allows us to discover and deal with security issues faster than in traditional development methodologies. Software patches are released as part of our continuous integration process. Patches that may have an impact on end-users are applied as soon as possible, but may require end-user notification and service interruption planning.
Tryane also performs continuous integration. In this way, we are able to respond quickly to functional and security issues. Well defined change management policies and procedures determine when and how changes occur. This security philosophy is at the heart of Tryane’s expertise and work since its creation in 2008.
Customer data protection
All data processed by Tryane are considered confidential. This data is protected in transit over public networks and encrypted at rest. Customer data is not allowed to leave the Tryane production environment, except in limited circumstances, such as at the request of a customer.
All data transmitted between Tryane and Tryane users is protected using TLS (Transport Layer Security). If the encrypted communication is interrupted, the Tryane application is inaccessible.
Tryane maintains separate data centers in France. Tryane uses encryption (AES-256) at different points to protect customer data and Tryane secrets.
Tryane has implemented several layers of access controls for administrative roles and privileges. Access to environments that contain customer data requires a series of authentication and authorization controls, including multi-factor authentication (MFA). Tryane applies least privilege and need-to-know principles for access to customer data, and access to production environment is monitored and logged for security purposes. Tryane has controls in place to ensure the integrity and confidentiality of administrative credentials and access mechanisms, and enforces full disk encryption and unique credentials for workstations.
Tryane monitors critical infrastructure for security-related events using a custom implementation of open source and commercial technologies. Activity data such as API calls and operating system level calls are logged at a central point where the information is passed through a series of custom rules designed to identify malicious or unapproved behavior. The results of these rules are fed into an orchestration platform that triggers automated actions, which may include alerting the security team directly or triggering additional authentication requirements.
All Tryane internal services have a high level of network security and require individual user authentication via a central identity provider as well as two-factor authentication where possible.
All Tryane staff (technical and non-technical roles) undergo regular security awareness and data management training; all employees are encouraged to participate in securing our customers’ data and company assets.
Tryane’s team undergoes regular security and privacy awareness training that includes security in both technical and operational roles. As such, all employees are encouraged to participate in securing our customers’ data and company assets. To ensure that employees are prepared to handle the unique security challenges of their roles, security training materials are developed for each role.
Certifications for more guarantees
Tryane is compliant with the General Data Protection Regulation (GDPR) which went into effect on May 25, 2018.
Tryane has worked to enhance its products, processes, and procedures to meet its obligations as a data processor