Enterprise Edition Security

Learn the security features of Simul's Enterprise Edition and get your questions answered

Security Features

Encryption

Documents are encrypted in transit using SSL, and can be configured to encrypt documents at rest.

User Access

Access can be managed by SSO inheriting your existing policies, including Multi-Factor Authentication.

Permissions

Permissions are managed at the document level but Super Admins can access all documents

Storage

Documents can be stored on local drives, Network Attached Storage or can be saved to Azure Blob Storage

Threat Detection

Granular logging and automated alerts help you ensure there's no suspicious activity

Secure Development

We follow the OWASP guidelines for secure development and maintain a Secure Development Policy

Releases

Patches & releases are available for installation regularly, and timing can be managed by admins.

Data Security

Services use least-privilege access control and NGINX is used to control inbound requests

Frequently Asked Questions

How is system access managed?

Simul Enterprise authenticates users via passport.js in a custom Node.js application. All requests to Simul are routed through our front end (simul.web) where the user’s identity is validated and used throughout the system.

Simul Enterprise can be configured to authenticate users via one or the following methods:

  • Email registration - This allows users to create an account unique to Simul with a custom password. The email addresses used to register must be validated via a link sent to the provided address. Once verified, users can authenticate and Simul provides password reset functionality.
  • LDAP/Active Directory - Simul can be configured to query any LDAP server for a list of valid users. Simul authenticates using the bind operation and if the specified LDAP/Active Directory server accepts, the user will be considered authenticated. In this mode, documents will be restricted to sharing only with users which exist in the database.
  • OAuth - Simul can be configured to communicate with any OAuth 2.0 server. This allows Simul to integrate with common single sign-on providers like AuthO, Okta, OneLogin, etc. Simul will redirect any login requests to the OAuth provider, meaning Simul does not directly manage the identities, instead, any valid token issued by the SSO provider will be considered authenticated.

Is data secured in transit?

Yes, Simul uses SSL to secure data in transit

Are logs available for audit and threat identification purposes?

Yes, Simul produces a vast amount of logs through use of the system and where appropriate include the user's identity for accountability.

Simul’s log files are provided in both JSON and well-structured text formats and are parsable and human-readable. They are also able to be processed in your chosen audit reduction tools.

How is your software development managed?

Simul uses software development best practices to help ensure our software is free from vulnerabilities.

Code is peer reviewed before committing and there are over 300 manual & automated tests completed by team members before deployment.

Simul uses Azure Devops to store its source code using a git repository. Only Simul’s CTO Ben Morris can commit code to this repository.

How is document access managed?

Document access is managed at an individual-document level, with the ability to group related documents together and manage access as a set.

There are multiple levels of permission that can be assigned to an individual at a per-document level, and include the ability to view, edit, manage members, etc.

In Enterprise Edition, a Super Admin user role exists that can access all documents. This is typically only used by system administrators to retrieve lost documents (I.e. documents who's owners may have left the company)

How are patches & updates managed?

Simul regularly provides updates & patches to introduce new features or fix issues.

System Administrators can check for updates in the Administration Portal and can download and deploy them at a time that suits them.

If adminstrators want to test updates before deploying, Simul can provide a UAT licence and a Simul test environment can be provisioned.

What technologies are in place to protect data?

Simul employs a number of technologies to help protect your documents and data from malicious attacks, including:

  • Browser security - Simul uses helmet.js to enforce a strict set of modern security features in the browser, including HSTS, XSS protection, clickjacking protection amongst others
  • Server firewall - Simul is installed on a windows server, it is expected that the OS firewall be restricted so that only port 80 & 443 are exposed. This is all that’s required for Simul to function.
  • Reverse Proxy (Nginx) - Simul installs Nginx along without our custom application. Nginx binds to the public ports and routes traffic to Simul’s custom web server. Nginx has many built in security features, but also acts as a whitelist of expected requests ensuring only valid traffic is passed on to our endpoints.

I have another question. How can I contact you?

We'd love to hear any questions you have and have answered numerous security questionnaires in the past. You can contact us here.

Alternatively, download our security whitepaper from the bottom of this page to get further information on the security features and processes of Enterprise Edition.

Download Our Security Whitepaper

Get all the details on Enterprise Edition by downloading and reviewing our security whitepaper