Chat now with support
Chat with Support

Quadrotech Nova Current - Core Security Guide

Overview of data handled by Quadrotech Nova Core

Quadrotech Nova Core manages the following type of customer data:

·Azure Active Directory tenant information and other properties. Part of the information is stored in the product database.

·User metadata (Name, Email) as configured from Azure AD or Quest Identity Broker (common identity broker for Quest SaaS solutions) - QIB, incl. the access/id tokens (encrypted at rest)

·Scheduled reports attachment data stored in Azure Blob storage encrypted at rest

·Internal identifier of user (Guid) and access to APIs will be tracked via Application Insight and is encrypted at rest.

·The application does not store or deal with end-user passwords of Azure AD objects.

·The application stores multiple client secret of the application accessing Azure AD via MS Graph (some are read-only, some are customer provided ones for white-label deployments). The data are stored in Azure Key Vault and is encrypted at rest.

·The application stores administrative account name and password to perform certain data collection jobs using PowerShell cmdlets. The data are encrypted by the data collection applications public key and stored in Azure Key Vault and is encrypted at rest and in transit.

 

Admin Consent and Service Principals

Quadrotech Nova Core itself does not require access to the customer’s Azure Active Directory and Office 365 tenancies. It does however provide capabilities for applications built upon Quadrotech Nova Core to ask and store additional consents and/or service credentials. Quadrotech Nova Core itself will not utilize service principals as entities defined in Azure Active Directory by default. Quadrotech Identity (QTID) is able to utilize Azure Active Directory as login provider and then will ask for consent for “Quadrotech Platform” Azure application, resulting in adding of this application into customer’s Azure Active Directory.

 

Following is the base consent required by Quadrotech Nova Core (for the Identity application).

 

Permissions1

In addition to the base consents required by Quadrotech Nova Core additional applications might request additional consents.

Location of customer data

When a customer signs up for Quadrotech Nova, we store metadata about customers organization (incl. tenant metadata) into a centralized storage, which currently resides in EU West/North Azure data centers. Also, any users’ metadata (email, name) invited to the platform will be stored into the same locations.

Privacy and protection of customer data

The most sensitive customer data processed by Quadrotech Nova Core is the Azure Active Directory tenant metadata. Reporting service also stores into blob storage any attachments, which are being sent to customers. This might be data which is provided by another Quadrotech Nova application and using Quadrotech Nova Cores’ reporting and alerting shared services.

·Notifications and emails sent through Alerting shared service stores the attachments to Azure Blobs. Data is stored encrypted at rest by Azure. Data in transit is protected by TLS.

·Third party service (SendGrid) is used to send emails with reports. Data transfer to SendGrid is protected by TLS and our API key.

·Other data are stored in SQL. Transparent data encryption is utilized to encrypts databases, backups, and logs at rest.

 

More information about Azure queues, tables, and blobs:

·https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction

·https://docs.microsoft.com/en-us/azure/security/security-storage-overview

·https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating