Security is a critical aspect of document management and one of the top priorities of AODocs. This article describes the architecture and processes that AODocs has implemented to ensure the protection of our customers’ data.
Find out about:
|Segregation of customer data|
AODocs runs entirely on Google Cloud Platform and in particular on Google App Engine, one of the most secure platforms-as-a-service on the market. Google App Engine features a number of certifications such as SOC2, SOC3, ISO 27001, ISO 27017, ISO 27018, FedRamp ATO and PCI DSS, which reflect the high level of security of this platform.
Learn more: Google Cloud Platform compliance
Customer data stored in AODocs benefits from Google App Engine’s security features, such as at rest encryption, the security of Google’s network and the physical security of its datacenter facilities. Data storage in Google App Engine is highly redundant, with automatic replication across multiple datacenters.
Learn more: Google Cloud datastore
AODocs also implements a “cloud only” policy for its internal IT: all internal applications run on the highly redundant public cloud to make sure our employees can work from anywhere. The loss of any one of our physical offices can't impact the continuity of our business operations.
All data transferred to and from AODocs is encrypted by industry standard protocols such as SSL/TLS. AODocs front-ends are managed by Google App Engine, which provides highly secured web servers that are regularly updated against any known vulnerabilities.
Because AODocs runs on the Google Cloud Platform, the data exchanged between the AODocs application and Google Drive is transferred via Google’s internal private network.
Users accessing AODocs are authenticated by their Google Account, via the OAuth2 login flow. Access permissions and roles in AODocs are set on Google Accounts and Google groups, while the access control on AODocs files in Google Drive is done by Google Drive itself.
AODocs does not store any passwords and never asks users for any passwords.
Segregation of customer data
AODocs is a multi-tenant SaaS application, where all customers are hosted on a single instance of the application. AODocs stores customer data in two different places:
- The files attached to AODocs libraries are stored in each customer’s Google Drive domain, owned by AODocs storage accounts
- AODocs-specific data such as custom document properties, the AODocs configuration, workflow status and audit log are stored in the Google App Engine Datastore
As a result, the Google Drive files managed by AODocs are automatically segregated because they belong to each customer’s specific Google Drive domain.
The AODocs-specific data stored in the Google App Engine Datastore relies on a built-in multi-tenancy feature named 'namespace', which defines virtual “silos” within the AODocs database. Each customer is assigned a specific namespace (which is in fact the customer’s primary G Suite domain name), and the namespace separation is implemented at the lowest possible level of the application to maximize the isolation between data structures belonging to different customers.
AODocs also maintains completely separate environments for development, pre-production and production, so no customer data is ever used for software development and testing.
AODocs is SOC2 certified, which means that AODocs internal processes for HR, support and operations are regularly assessed by an independent audit firm, which validates the compliance of our internal controls with the SOC2 framework. Our latest SOC2 audit report is available to our customers on request.
AODocs is also a Recommended for G Suite application, and as part of this program, is regularly audited by Google about the security of its application.
AODocs implements strict internal security policies controlling how employees handle confidential information and customer data in particular. These policies are reviewed at least annually, and employees receive periodic training on IT security.
Important: AODocs performs periodic penetration testing on its Web application, conducted by external firms, to detect any vulnerabilities.