Security

The IT infrastructure of 2OS has been certified 100% secure by SECURVIEW.

With 2OS, IT security is a top priority, and we strengthen this culture every day with stringent controls and continuous training. We ensure that our installations comply with the strictest standards in terms of IT security and data confidentiality.

Avec 2OS, la sécurité informatique est une priorité absolue, et nous renforçons cette culture chaque jour par des contrôles rigoureux et une formation continue. Nous veillons à ce que nos installations respectent les normes les plus strictes en matière de sécurité informatique et de confidentialité des données.

Zero trust architecture model

Our platform implements a Zero Trust Architecture model using the Azure cloud technologies to offer secure access, productivity, and ease of use. Our security framework is based on a strict identity verification process to ensure that only authentified and authorized users can access application data and it protects those applications and users from advanced threats on the Internet.

Azure API protection

Keeps APIs behind a single static IP or domain, and help protect them with keys, tokens, and IP filtering. Selectively expose data and services to employees, partners, and customers by applying authentication, authorization, and usage limits.

Modèle d’architecture sur le principe de « zéro confiance »

Notre plateforme met en œuvre un modèle d’architecture utilisant les technologies du cloud pour offrir un accès ultra sécurisé, une confidentialité totale des données et une facilité d’utilisation. Notre cadre de sécurité est basé sur un processus de vérification d’identité strict pour garantir que seuls les utilisateurs authentifiés et autorisés peuvent accéder aux données des applications. De multiples digues techniques représentent une barrière infranchissable pour toute tentative d’intrusion informatique.

Application Gateway

Build secure, scalable, and highly available web front ends in Azure.

Protect your applications from common web vulnerabilities such as SQL injection and cross-site scripting. Monitor your web applications using custom rules and rule groups to suit your requirements and eliminate false positives.
Get application-level load-balancing services and routing to build a scalable and highly available web front end in Azure. Autoscaling offers elasticity by automatically scaling Application Gateway instances based on your web application traffic load.
Application Gateway is integrated with several Azure services. Azure Traffic Manager supports multiple-region redirection, automatic failover, and zero-downtime maintenance. Use Azure Virtual Machines, virtual machine scale sets, or the Web Apps feature of Azure App Service in your back-end pools. Azure Monitor and Azure Security Center provide centralized monitoring and alerting, and an application health dashboard. Key Vault offers central management and automatic renewal of SSL certificates.
Strong encryption from front end to back end helps to secure your data.

Route traffic to back-end server pools with URL path-based routing, and to multiple web applications using host header-based routing.

Scale your web application with SSL offload, and centralize SSL certificate management to reduce encryption and decryption overhead on your servers.

Azure Active Directory

Enable single sign-on.

Single sign-on simplifies access to your apps from anywhere.
Conditional Access and Multi-factor authentication help protect and govern access.
A single identity platform lets you engage with internal and external users more securely.
Developer tools make it easy to integrate identity into your apps and services.
Azure DDoS Protection

Protect your applications from Distributed Denial of Service (DDoS) attacks.

Backed by the Microsoft global network, DDoS Protection brings massive DDoS mitigation capacity to every Azure region. Scrub traffic at the Azure network edge before it can impact the availability of your service.
Cover all resources on a virtual network when you enable Azure DDoS Protection via simplified configuration. Always-on traffic monitoring provides near real-time detection of a DDoS attack, with no intervention required. DDoS Protection automatically mitigates the attack as soon as it’s detected.
DDoS Protection provides advanced intelligence that automatically configures and tunes your DDoS Protection settings. The DDoS service understands your resources and resource configuration to learn application traffic patterns over time.
Deployed with Azure Application Gateway Web Application Firewall, DDoS Protection defends against a comprehensive set of network layer (layer 3/4) attacks, and protects web apps from common application layer (layer 7) attacks, such as SQL injection, cross-site scripting attacks, and session hijacks. Web Application Firewall comes preconfigured to handle threats identified by the Open Web Application Security Project top 10 common vulnerabilities.

Native integration with Azure Monitor exposes attack metrics and telemetry alongside other resource telemetry. Flexible alerting mechanisms notify you when an application is under attack.

Get detailed reports in five-minute increments during an attack, and a complete summary after the attack ends. Stream DDoS mitigation flow logs to an offline security information and event management (SIEM) system for near real-time monitoring during an attack.

Engage the DDoS Protection rapid response team for help with attack investigation, custom mitigation, and analysis.

Receive service credit for resource costs incurred as a result of a documented DDoS attack.

Key Vault

Safeguard and maintain control of keys and other secrets.

Use Key Vault and you don’t need to provision, configure, patch, and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over your keys—simply grant permission for your own and partner applications to use them as needed. Applications never have direct access to keys. Developers manage keys used for Dev/Test and seamlessly migrate to production the keys that are managed by security operations. Simplify and automate tasks related to SSL/TLS certificates—Key Vault enables you to enroll and automatically renew certificates from supported public Certificate Authorities.
Improve performance and reduce the latency of your cloud applications by storing cryptographic keys in the cloud, instead of on-premises. Key Vault quickly scales to meet the cryptographic needs of your cloud applications and match peak demand, without the cost of deploying dedicated HSMs. Achieve global redundancy by provisioning vaults in Azure global datacenters—keep a copy in your own HSMs for more durability.