GoSimplo

GoSimplo always encrypts your data at-rest and only transfer data externally on encrypted channels, unless explicitly disabled by the user.

GoSimplo uses the latest in Cloud Technology and Security services, including but not limited to:

<a href="https://docs.microsoft.com/azure/azure-sql/database/transparent-data-encryption-tde-overview" target="_blank" rel="nofollow noopener noreferrer">Azure SQL Databases with transparent data encryption and transport level encryption</a>

<a href="https://docs.microsoft.com/azure/storage/common/storage-service-encryption" target="_blank" rel="nofollow noopener noreferrer">Azure Blob Services with at-rest encryption and no publicly accessible endpoints</a>

<a href="https://www.cloudflare.com/en-gb/waf/" target="_blank" rel="nofollow noopener noreferrer">Cloudflare for DDOS and Web Application Firewall</a>

Require all connections to use TLS 1.2 or better

All services are using strict firewall restrictions to limit traffic flow

- <a href="https://docs.microsoft.com/azure/azure-sql/database/transparent-data-encryption-tde-overview" target="_blank" rel="nofollow noopener noreferrer">Azure SQL Databases with transparent data encryption and transport level encryption</a>
- <a href="https://docs.microsoft.com/azure/storage/common/storage-service-encryption" target="_blank" rel="nofollow noopener noreferrer">Azure Blob Services with at-rest encryption and no publicly accessible endpoints</a>
- <a href="https://www.cloudflare.com/en-gb/waf/" target="_blank" rel="nofollow noopener noreferrer">Cloudflare for DDOS and Web Application Firewall</a>
- Require all connections to use TLS 1.2 or better
- All services are using strict firewall restrictions to limit traffic flow

User passwords are stored in non-reversible hashed format. At the time of writing we are using: PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.

Users can also enable Two-Factor authentication using a TOTP token as supported by all major smart phone vendors.

Whenever possible GoSimplo uses OAuth or API Tokens to prevent storing user credentials to third party systems.

All connection tokens are encrypted with an additional layer where keys are stored in an Cloud Managed Encryption Vault / <a href="https://docs.microsoft.com/azure/key-vault/general/basic-concepts" target="_blank" rel="nofollow noopener noreferrer">Azure Key Vault</a>

This prevents client connection credentials from being accessible in the event of a compromised database backup.

User and Password Security

Connection Configuration