Licenseware Security
Architecture
All traffic between users and our application—both at the interface and server levels—is encrypted over the internet using TLS with a minimum version of 1.2, ensuring data in transit remains secure. Application storage, persistent volumes, and our full monitoring stack are encrypted at rest using Google-managed encryption keys, with automatic key rotation handled by GCP to maintain strong security while reducing operational overhead.
Internally, all service-to-service communication—between the application, databases, and other components—is encrypted using Cilium with WireGuard, a modern encryption protocol known for its strong security, minimal performance overhead, and high efficiency. Backups are securely stored in Google Cloud Storage (GCS) buckets, also encrypted using GCP-managed keys with automatic rotation.
To further strengthen our perimeter defenses, all traffic to backend services is routed through Cloudflare, which provides protection via Web Application Firewall (WAF) rules and advanced traffic filtering. Additionally, a GCP load balancer fronts all public-facing endpoints, helping to eliminate unwanted traffic, mitigate DDoS threats, and reduce exposure to automated and malicious scans.
SOC 2 Type 1 Certification
As a Software-as-a-Service (SaaS) company, we understand the critical importance of implementing stringent security measures to protect our customers' data. To provide reassurance and instil trust, we have obtained the SOC 2 Type 1 certification, which validates our commitment to security. In this article, we will delve into the security provisions we have implemented on our platform for our SaaS product, aligning with the requirements of SOC 2 Type 1.
Understanding SOC 2 Type 1: SOC 2 (System and Organization Controls 2) is an esteemed auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It focuses on an organization's non-financial reporting controls, emphasizing security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type 1 certification signifies that our security controls and processes have been assessed by independent auditors.
Key Security Provisions on Our Platform:
- Data Encryption: We prioritize the protection of sensitive data. To ensure secure data transmission between users and our platform, we utilize robust encryption techniques, such as SSL/TLS (Secure Sockets Layer/Transport Layer Security). This encryption safeguards confidential information, making it inaccessible to unauthorized entities.
- Access Controls: Controlling user access is paramount to preventing unauthorized activities and maintaining data security. We have implemented strong authentication mechanisms, including multi-factor authentication (MFA), to verify user identities. This additional layer of security fortifies our system against unauthorized access attempts, ensuring only authorized individuals can access our SaaS product.
- System Monitoring and Logging: We understand the importance of proactively monitoring our systems for any potential security threats. To this end, we have comprehensive monitoring and logging mechanisms in place on our platform. These systems track and record various activities, such as user logins, data modifications, and system events. Regular analysis of these logs enables us to promptly detect and respond to security breaches or suspicious activities.
- Incident Response: Despite our robust preventive measures, security incidents can still occur. We have developed a well-defined incident response plan, which outlines the steps we take in the event of a security breach. On our platform, we have a dedicated page that details our incident response procedures. This demonstrates our commitment to promptly addressing incidents, mitigating risks, and minimizing any impact on our customers.
- Privacy Policies and Compliance: Respecting user privacy and complying with relevant data protection regulations are core principles for us. Our platform clearly communicates our privacy policies, outlining our data collection, storage, and usage practices. We adhere to applicable regulations, such as the General Data Protection Regulation (GDPR). By providing transparency and complying with these regulations, we ensure the privacy and confidentiality of our users' data.
Conclusion: Obtaining the SOC 2 Type 1 certification underscores our unwavering dedication to maintaining the highest standards of security. On our platform, we have implemented various security provisions, including robust data encryption, stringent access controls, comprehensive system monitoring and logging, a well-defined incident response plan, and transparent privacy policies. These measures reflect our commitment to safeguarding our customers' data, building trust, and enhancing the overall security of our SaaS product.
Vulnerability Assessment and Penetration Testing (VAPT)
To maintain a strong defense against potential vulnerabilities, we conduct regular Vulnerability Assessment and Penetration Testing (VAPT) using industry-standard methodologies, particularly following the guidelines provided by the Open Web Application Security Project (OWASP). In this article, we will explore the security benefits of conducting regular VAPT using OWASP standards.
- Comprehensive Security Assessment: By conducting VAPT regularly, we gain a comprehensive understanding of our SaaS solution's security posture. VAPT encompasses vulnerability assessment, which identifies potential weaknesses and vulnerabilities in our system, and penetration testing, which involves simulating real-world attacks to assess the effectiveness of our security controls. This thorough assessment allows us to proactively identify and address security flaws before they can be exploited.
- Identification of OWASP Top Ten Vulnerabilities: The OWASP Top Ten is a widely recognized list of the most critical web application vulnerabilities. By adhering to OWASP standards in our VAPT processes, we focus on detecting and addressing these top vulnerabilities, including issues like injection attacks, cross-site scripting (XSS), and insecure direct object references. This targeted approach helps us mitigate the most prevalent security risks and protect our SaaS solution from common attack vectors.
- Enhanced Application Security: Regular VAPT using OWASP standards helps us fortify the security of our SaaS application. By identifying vulnerabilities and weaknesses, we can implement appropriate security controls and best practices to mitigate risks. This may involve code-level fixes, patching vulnerable components, or strengthening access controls. Through VAPT, we ensure that our application adheres to industry standards and best practices for secure development.
- Improved Incident Response Preparedness: VAPT plays a vital role in incident response preparedness. By simulating real-world attacks, we gain insights into how our security measures hold up and how effectively we can detect and respond to threats. This process helps us refine our incident response procedures, ensuring timely and efficient mitigation of security incidents. Regular VAPT allows us to fine-tune our response strategies, minimizing potential damage and reducing recovery time in the event of an actual security incident.
- Compliance and Customer Trust: Conducting regular VAPT using OWASP standards demonstrates our commitment to security and compliance. It showcases our dedication to ensuring the confidentiality, integrity, and availability of our customers' data. Compliance with industry standards and best practices builds trust among our customers, as they can rely on our robust security measures to protect their sensitive information.
GCP Hosting
To ensure the highest level of protection for our customers' data, we have migrated our SaaS solution to Google Cloud Platform (GCP). This article outlines the key security benefits of hosting on GCP, highlighting the infrastructure, compliance measures, and controls in place to safeguard data integrity, confidentiality, and availability.
Hosting Locations
We operate multiple regional instances to ensure high performance and compliance with data residency requirements:
Instance | Location
---|---
app.licenseware.io | Eemshaven, Netherlands (Europe)
us.licenseware.io | Ashburn, Virginia (United States)
au.licenseware.io | Sydney, Australia (APAC)
These deployments are strategically distributed across GCP regions to offer low latency and meet regional compliance standards.
Security Features
Physical Security
GCP data centers implement multiple layers of physical protection, including perimeter fencing, biometric access controls, 24/7 security staff, and round-the-clock surveillance. Access to facilities is tightly controlled and audited, reducing the risk of unauthorized physical entry.
Network Security
Google applies a zero-trust architecture and multi-layered network protections. This includes DDoS mitigation, encryption in transit, identity-aware proxy, and global traffic distribution through advanced load balancing. These measures help protect against external threats and ensure secure communication.
Data Encryption
All data on GCP is encrypted at rest and in transit by default. We utilize Cloud Key Management Service (KMS) to manage our encryption keys securely, offering an added layer of control and compliance. Even if the underlying storage were accessed without authorization, the encrypted data remains unreadable without access to the corresponding keys.
Identity and Access Management (IAM)
GCP offers granular IAM controls to manage user permissions effectively. We enforce least privilege access, multi-factor authentication (MFA), and context-aware access policies, allowing us to minimize the risk of unauthorized actions within our cloud environment.
Compliance and Certifications
Google Cloud undergoes independent third-party audits and maintains certifications for a broad set of global standards, including:
- ISO/IEC 27001, 27017, 27018
- SOC 1/2/3
- PCI DSS
- HIPAA
- FedRAMP
- GDPR readiness
This ensures that our infrastructure is compliant with widely accepted security and data protection frameworks.
Scalability and High Availability
GCP’s global infrastructure allows us to deliver reliable, fault-tolerant services. We leverage:
- Auto-scaling to adjust to usage patterns dynamically
- Global load balancing for performance and resilience
- Multi-zone and multi-region deployments to ensure uptime and minimize disruption in case of regional failures
Azure AD Integration
To streamline user authentication and enhance security, we have implemented Single Sign-On (SSO) functionality through Azure Active Directory (Azure AD). In this article, we will explore the benefits of enabling SSO via Azure AD and how it enhances access management controls for our SaaS solution.
- Centralized User Identity and Access Management: By integrating our SaaS solution with Azure AD, we achieve centralized user identity and access management. Azure AD serves as the identity provider, allowing us to authenticate and authorize users across different applications and services. This centralization simplifies user provisioning, deprovisioning, and access management, reducing administrative overhead and improving overall security.
- Streamlined User Experience: SSO through Azure AD enables users to access multiple applications and services, including our SaaS solution, with a single set of credentials. This streamlined user experience eliminates the need for users to remember multiple usernames and passwords. It enhances convenience, productivity, and user adoption while reducing the risk of password-related security incidents, such as weak passwords or password reuse.
- Enhanced Security: Implementing SSO through Azure AD strengthens security for our SaaS solution. Azure AD provides robust authentication mechanisms, including multi-factor authentication (MFA), conditional access policies, and risk-based authentication. These features bolster access controls, ensuring that only authorized users with proper authentication can access our SaaS solution. By leveraging Azure AD's security capabilities, we mitigate the risk of unauthorized access attempts and protect against potential security breaches.
- Seamless Integration with Enterprise Systems: Azure AD offers seamless integration with various enterprise systems and applications. By enabling SSO through Azure AD, we can integrate our SaaS solution with existing identity and access management (IAM) systems within organizations. This integration simplifies user provisioning and deprovisioning, aligns with existing access controls and policies, and ensures a consistent user experience across different applications used within the organization.
- Compliance and Auditing Capabilities: Azure AD provides robust compliance and auditing capabilities, contributing to effective access management controls. It allows us to enforce security policies, monitor user access, and generate comprehensive audit logs. These features enable us to meet regulatory compliance requirements, monitor user activity, detect anomalies, and promptly respond to any security incidents or policy violations.
Further detail
For further information regarding our security procedures and policies, please reach out to your dedicated account representative.