Quality control and cloud-hosted data security

Of all of the concerns we get from prospective customers who’ve approached us about our software, there are perhaps none more valid or easier to sympathize with than those about data security. High-profile hacks make the news seemingly on a weekly basis and newer and emerging technologies are often rightfully met with a healthy degree of skepticism.

While the concept of cloud-based computing has been around for decades, only since the 2000’s has been a nearly ubiquitous presence in private and public enterprise. In that time, it’s become such a widely used storage strategy that the US Government has set up a program known as the Federal Risk and Authorization Management Program, or FedRAMP, specifically tasked with providing “a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”

For TruQC, cloud-based quality control software, where the term “cloud-based” alludes to one of the most useful and innovative aspects of the product as a whole, data security has been a chief concern since day one. That’s why we’d only trust our customers’ data with a FedRAMP-certified program. It’s why we’ve chosen to outsource cloud-hosting responsibilities to one of the most trusted names in the game, one that counts Netflix, Yelp, Airbnb and even NASA among its customer base: Amazon Web Services (AWS). Even more importantly, it’s why we committed to data security right here at the home base when engineering our software.

The decision to run our app on Apple’s iOS was another one taken with security in mind. Apple has, after all, been pretty transparent about its comprehensive security measures and has the record to boot. In almost ten years of existence, Apple’s iOS has never had a widespread malware event. Plus, every app in Apple’s App Store receives an encrypted sandbox on the device (a feature that protects against outside people or programs from interacting with the sandboxed application).

Here are just a few of the ways we’re committed to your data security:

On the same security page

Our decision to take our hosting needs to AWS, along with all of our choices concerning our customers’ data, have been based on making sure that our partners feel as strongly about security as we do. So when AWS’s security procedures were determined to be best-in-show, we knew we had found the right cloud-storage partner for TruQC and its customers. Physical security, redundant network contingencies, strict identity access management, automated backup and isolated Virtual Private Clouds are just a few of the strategies AWS uses to guarantee cloud security.

Secure and encrypted

Hypertext Transfer Protocol Secure, or HTTPS, is the industry-standard procedure for communicating over the Internet and ensuring the privacy and integrity of the information shared on them. When combined with a valid SSL certificate signed by a certificate authority like GoDaddy.com, a green lock icon appears in the URL field of most web browsers. This helps to confirm that users are communicating with the web pages they believe they are. As the currently agreed upon best-practice for establishing a secure connection over the web, all mobile and web-based communications conducted with TruQC use HTTPS connections with confirmed SSL certificates.

Encryption is another measure used to protect all of the data within TruQC. We use the same advanced encryption standard (AES) adopted by the US Government in 2002, AES-256. Even inactive data stored physically, in a database or a mobile device for instance, so-called “data at rest,” are protected by industry-leading encryption techniques.

User identity verification and monitoring

TruQC was also designed with several identify verification and security monitoring features to further enhance user confidence. Beginning with password settings that require a minimum of eight characters, made up of both upper and lower cases, and settings that immediately cause a logout if user settings or passwords are changed, we’re protecting user data on both the back and the front end.

And that’s not all. Optional Auto Log Out settings ensure no one stumbles upon a user that’s already logged in by automatically signing users out after a set period of inactivity. And with optional Touch ID login functionality, easy signing in and out encourages users to maintain a high level of security.

Finally, nightly scans by the trusted security software McAfee Secure mean we’re always on the lookout for chinks in the armor. When issues are discovered, software updates are released to address them as quickly as their severity and applicability necessitate.

If data security is a concern for your business, as well it should be, we’re here to talk. Let us know your concerns and we’ll let you know what we’re doing to address them.

Never stop improving

Data security is often about staying ahead of those who would seek to exploit new technologies or techniques to make the web a less safe place to store information. That’s why, at TruQC, we’re committed to continuous improvement. Each new release of our app seeks to up the ante on data security. For our forthcoming release, we’re hard at work on adding more and increasingly sophisticated password controls. Specifically, multi-factor authentication (MFA), which utilizes separate, independent identification metrics for additional layers of user protection.

That’s one of the reasons we keep the updates coming and encourage users to update as soon as possible. As you update to version 4.4, rest easy knowing we’re hard at work protecting your data at TruQC.