Security & Privacy
Your security is our top priority
We take every step to make sure your data is safe and secure. We protect your data using the highest security standards.
Data center
Eric.ai hosts all its software in Microsoft Azure facilities in the UK. Microsoft Azure provides an extensive list of compliance and regulatory assurances.
Private cloud deployment solutions are also available.
Security operations
Microsoft Defender for Cloud
Microsoft Defender for Cloud is used to prevent, detect, and respond to threats with increased visibility into and control over the security of our Azure resources. It provides integrated security monitoring and policy management across our estate and helps detect threats that might otherwise go unnoticed, giving complete digital protection.
Azure Resource Manager
Azure Resource Manager works with the resources within the Eric.ai solution as a group. By adopting Azure Resource Manager templates, we maintain a high security standard for solutions deployed in Azure. Standard security control settings can be integrated into the templates, which reduces the risk of security configuration errors that might take place during manual deployments.
Azure Monitor logs
Azure Monitor logs are used for forensic and other security analysis. This provides a central logging service that is connected to other security services within the Microsoft Azure ecosystem, including our firewalls.
Application security
Web application vulnerability scanning
The Eric.ai technical team follows robust software development principles to maintain a high security standard. As part of these principles, the technical team proactively uses web application scanning during development.
This process allows the technical team to scan and secure the Eric.ai software application throughout the software development lifecycle.
Web Application Firewall
The Web Application Firewall (WAF) helps protect the Eric.ai software application from common web-based attacks including SQL injection, cross-site scripting attacks, and session hijacking. This enhances digital protection and ensures data access and security are under control.
The web application firewall that is embedded within the Eric.ai architecture draws on the threats identified by the Open Web Application Security Project (OWASP).
Layered Security Architecture
We adopt a layered security architecture within the Eric.ai software application to provide differing levels of network access for each application tier. An example of this is hiding the API back-end services from general Internet access and only allowing APIs to be called by upstream web apps.
Access, authentication and authorization
Access to the Eric.ai software application from a browser uses Secure Socket Layer (SSL) encryption. Authentication and authorization of users within Eric.ai is facilitated either by Auth0 or Microsoft Single Sign On (SSO). For users that authenticate using SSO, the 2FA authentication service is embedded within their own security configuration. By default, users that authenticate with the Eric.ai software application directly use Auth0, with 2FA mandated.
Data security
Azure role-based access control
Using the role-based access control service, we restrict access within Eric.ai based on the need-to-know and least-privilege security principles.
Encryption in transit
Encryption in transit is a mechanism that we use to protect data and information transmitted across networks.
TLS 1.2 is used to support transport level encryption.
Encryption at rest
Encryption at rest is a mechanism that is used to protect data that is at rest.
Storage service encryption (AES-256) is embedded within Eric.ai.