Security

Loftware makes significant efforts to ensure Loftware Cloud security.

We implement the latest security standards and perform automatic and manual Loftware Cloud security checks. We’re committed to providing you trustworthy service while applying policies, technologies, and controls to protect data you entrust to Loftware Cloud.

Layered security

Loftware keeps your systems and data secure in multiple ways.

Most security breaches don’t occur from someone breaking into cloud data centers. Instead, attackers typically exploit cloud application vulnerabilities. To prevent attacks, we combine multiple mitigation strategies and security controls to protect your resources and data.

Our layered security includes:

  • Employee education

  • Physical security

  • Network security

  • Web security

  • API-based cloud security

  • Data encryption

By running on Microsoft Azure, Loftware Cloud inherits many platform and infrastructure security approaches and best-practice implementations. Microsoft handles core data center security and inspects dataflows from the internet to help secure your network against intrusions and malware attacks.

We design cloud applications following modern security-conscious programming practices. We use encryption techniques and execute testing procedures to develop code and launch products.

Our development teams complete IT security-related training on software development to strengthen their information security awareness and experience.

Role-based access

Loftware Cloud authenticates with Microsoft and Google (OAuth2/OpenID Connect).

We integrate trusted providers into Loftware Cloud security to authenticate your user identities and protect your users from attacks. This allows Loftware to focus on core features and leaves identification to experts you know.

You can define your users with LDAP directory services or use your Microsoft Office 365 or Active Directory (AD) accounts (available as Azure Active Directory for cloud applications). Loftware Cloud does not include authentication mechanisms or custom authentication logic.

To process a user login, Loftware Cloud reads only the minimum user information it needs from the directory. We use the more restrictive permissions User.ReadBasic.All and GroupMember.Read.All.

Database security

Database separation is essential and ensures you get additional layers of security.

You can only access your own assigned application database. You cannot access application databases directly with management applications or via API. Database ownership prevents other customers from accessing or reading any of your data.

Depending on your Loftware Cloud subscription, you can access user-based cloud databases to store printing data and for daily intermediate master data exports from ERP systems. You don’t need user-based cloud database access to run Loftware Cloud web applications.

User database access is entirely customer specific. When you claim your user database, we create your first administrative account so you can manage your database and grant user access yourself.

Data encryption

Loftware encrypts your data to keep your business safe.

Your data can occupy two states in Loftware Cloud: data in transit and data at rest. Your data can be exposed to risks in both states. Loftware Cloud uses encryption to protect data in transit and at rest from unauthorized access or theft.

Data actively moving between devices or networks across the internet is data in transit.

We protect your data in transit from local storage to Loftware Cloud storage. We encrypt your data in transit on one end and decrypt it on the other to prevent eavesdropping from unauthorized clients. Loftware Cloud uses modern data encryption communication protocols (TLS and HTTPS) for privacy and data integrity.

We encrypt your data when you connect to Loftware Cloud with:

  • Browsers. You can use any modern web browser to interact with our web applications.

  • Loftware clients. All our clients, including Designer, Print, Automation, and Web Client, use secure encrypted channels to request Loftware Cloud data and to send back logs and updates.

Data not actively moving between devices or networks across the internet is data at rest.

Loftware Cloud receives and stores your data in Azure SQL databases unique to you. We follow protective security measures to prevent anyone from accessing, modifying, or stealing your at-rest data:

  • Only you have access to product databases you own.

  • Your Azure SQL databases use transparent data encryption (TDE). TDE gives you real-time database encryption and decryption using AES 256 encryption algorithms.

API security

Loftware software uses Azure APIs for secure data exchanges and inter-application communication.

  • Service Bus: the communication system between mutually interacting software applications in service-oriented architecture. We use Service Bus to communicate with your on-premises infrastructure, either through cloud-connected IoT printers or cloud triggers (running in Loftware Automation). Service Bus creates outbound connections from your backend to Loftware Cloud and makes it possible to call your backend from the cloud.

  • Azure Functions: our published APIs for Loftware Cloud (Cloud Print API and Cloud Trigger API) call Azure Functions for additional processing, which in turn call the correct Service Bus endpoints. For example, when you execute “print” in Cloud Print API, Loftware Cloud generates a print job, knows where your IoT cloud printer is, and delivers your print job to your printer. We have traffic limits in place to prevent the abuse of APIs.

Health monitoring

Loftware continuously monitors your hosted system health with Azure Insight.

Insight automatically detects performance anomalies and includes powerful analytics tools to help us diagnose issues and improve products by understanding how our customers use Loftware Cloud.

We use Insight to:

  • Monitor abnormal traffic and respond quickly to possible threats.

  • Detect and respond to higher demands for services.

  • Continuously improve performance and stability.

Testing

Loftware tests all code extensively to ensure safety and high quality.

Commonly exploited software vulnerabilities include defects, bugs, and logic flaws. Our development team strives to produce quality code through best practice techniques, including:

  • Pair programming

  • Recurring code reviews

  • Adhering to secure code standards

  • Running multiple tests

Our general policy is to automatically test everything we can. We perform continuous regression testing for each release throughout the lifecycle of our software to ensure industry-grade quality standards.

In addition to our experienced internal testing teams, we continuously contract third-party security assessment specialists to make sure our software is safe, secure, and ready for you to use.

Internal testing

Loftware development teams design and execute an expansive array of manual and automated tests for each new software build.

We increase the number of tests and the number of test team members for final testing before releases. Any security flaws we detect result in writing new automated tests to prevent problems from appearing again.

Third-party security assessments and penetration testing

Loftware contracts third-party IT security specialists for major and minor releases.

Our security experts access our software the way our customers do, then use their expertise to assess our web and desktop applications and identify exploitable vulnerabilities. Testing involves building custom threat profiles to uncover security vulnerabilities specific to our applications and web technology.

Our third-party security testers use the OWASP Testing Guide for test execution and verification. The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.

Acceptance in regulated environments

Loftware testing is compliant and trusted by customers in regulated industries.

Loftware Cloud customers in regulated industries including healthcare, pharmaceuticals, medical device manufacturing, food & beverage, and others rely on test results we provide.

We will also work with you to perform tests with your own testing tools and procedures.