Certifications from trusted organizations

In addition to building a world-class security team that holds itself to the highest standards, we regularly invite respected organizations to review and analyze our product and policies.

Protection at Server Level

server level Security

  • All the connections to U&Me+ are secured using TLS/SSL. Any effort to link through is redirected to HTTPS.
  • U&Me+'s web application servers are logically and physically separated from servers which store client data.
  • U&Me+ works on hard-edged Linux servers. Critical patches that are externally exposed are resolved in just 24 hours.
  • If TLS encrypted message is compatible with your servers, any data shared from U&Me+ via email will be delivered with 128-bit encryted transport.
Protection at Network Level

network level Security

  • Strong network traffic encryption techniques such as Secure Socket Layer (SSL) and the Transport Layer Security (TLS) are used to prevent leakage of sensitive information.
  • Network Traffic is filtered by Cisco ASA Firewall and after that Windows firewall will limit the access.
  • Limit access to a definite IP range so that the network is accessible only for selected physical locations or via the company's VPN.
  • Session management mechanisms let administrators check the devices which are accessed by users and deny access if needed. The system administrators can open/close sessions for any users within their network.
  • Data is segmented at Network level within U&Me+; under no circumstances will it be available to users who have not been explicitly authorized to network.
Protection at Application Level

application level Security

  • U&Me+ is developed implementing secure industry-best practices incorporating security reviews in the whole design, prototyping and deployment process.
  • Authentication and authorizations at application levels do not allow information access to unauthorized users.
  • Secondary password authentication provides immunity from phishing attacks, unlike traditional username/password authentication mechanism.
  • U&Me+ organises and handles data as private, implementing inbound and outbound firewalls to make sure that data is not disclosed from its networks. Confidential production data is never used or migrated outside the production network.
  • Devise password policies for expiration, length as well as complexity to fulfil the company password standards.
  • One-time password in the form of verification code required to register the mobile device which to be used to access U&Me+. This process is required to ensure only verified personnel have the access the critical data.
Protection at Platform Level

platform level Security

  • All connections use industry-standard 256-bit TLS encryption as well as user connection, authentication and authorisation for MQTT to restrict users to get the data.
  • The service oriented architecture allows users to isolate components and compartmentalize permissions between the users.
  • U&Me+ customarily execute internal and external exposure scans as well as penetration examinations and work in collaboration with third party organisations for detailed quarterly security evaluations.
  • Database gets authenticated with administrator roles with username/password.