SECURITY
The future of business is all about digital. Here our digital cards help professional.
ssl certificate
Encrypting as much web traffic as possible to prevent data theft and other tampering is a critical step toward building a safer, better Internet. We’re proud to be the first Internet performance and security company. SSL (Secure Socket Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data transferred remains private. It’s also called TLS (Transport Layer Security). Millions of websites use SSL encryption everyday to secure connections and keep their customer’s data safe from monitoring and tampering
Cloudflare Security
Our Database is fully secured by Cloudflare, Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable. Secure your websites, APIs, and Internet applications. Protect corporate networks, employees, and devices. Write and deploy code that runs on the network edge. It protects your internal resources such as behind-the-firewall applications, teams, and devices. And it is your platform for developing globally-scalable applications.
Web Application Firewall
Cloudflare Web Application Firewall's intuitive dashboard enables users to build powerful rules through easy clicks and also provides Terraform integration. Every request to the WAF is inspected against the rule engine and the threat intelligence curated from protecting approximately 25 million websites. Suspicious requests can be blocked, challenged or logged as per the needs of the user while legitimate requests are routed to the destination, agnostic of whether it lives on-premise or in the cloud. Analytics and Cloudflare Logs enable visibility into actionable metrics for the user.
Install Card On Mobile
We give a new concept for PWA feature, your clients or friends can install your Digital card on there mobile dashboard like mobile icon app. Once you install the digital card on mobile they easily access there mobile.
Data Security and Confidential
Standard security measures, such as firewalls, intrusion detection systems (IDSs) and antivirus software, are commonly available products that guard computers against outsider and insider attacks. The use of a firewall, for example, prevents the access of outsiders to the internal network and an intrusion detection system detects intrusion attempts by outsiders. Inside attacks can be averted through antivirus scans that detect Trojan horses that send confidential information, and by the use of thin clients that operate in a client-server architecture with no personal or sensitive data stored on a client device.
Database PII columns and the platform discs are encrypted. Backup data is also encrypted.
Data is encrypted and secured over the cloud with the retention period of as per requirement by the partner.
3.Encryption
a. Does the solution provides the ability to encrypt data and records.
We use MySQL encryption technology to encrypt the data with
sha256 algorithm.
b. Ability to encrypt data at the database level, the file storage level, and content that has been backed up/at rest.
Database PII columns and the platform discs are encrypted . Backup data is also encrypted.
Vulnerability Assessment (VA & PT)
Vulnerability Assessment tools uncover all possible network weaknesses,
leaving customers guessing as to which vulnerabilities pose real, imminent threats.
Penetration Testing safely exploits vulnerabilities to eliminate "false positives"
and reveal tangible threats. Penetration test results enable IT staff to delineate
critical security issues that require immediate attention from those that pose lesser risks.
Vulnerability Analysis is the act of determining which security holes and vulnerabilities
may be applicable to the target network or host. The vulnerability analysis phase is started.
after some interesting hosts are identified via scanning tools and is preceded by the enumeration phase.
Identification & Filtration of False Positives.
Identification & Filtration of False Negatives.
Banners exposing internal information.
Exposed Web Applications variables, etc.,
Default configuration mistakes.
SGNameCard Infrastructure Security
In SGNameCard Infrastructure, the above technological components contribute to and drive business functions. Leaders and managers within the IT field are responsible for ensuring that both the physical hardware and software networks and resources are working optimally. SGNameCard infrastructure can be looked at as the foundation of an organization's technology systems, there by playing an integral part in driving its success
| Q: Due to unforeseen circumstances, how fast it will be rectified and back to normal ? |
| Would able rectify issues as soon as possible |
| Q: How is data being protected from Hacking ? |
| SGNameCard servers are updated with necessary updates & Patching when newer versions are released.
With regards to website hacking, often hackers do not target servers, they search for and target websites that are vulnerable mostly due to outdated software installations, so we do regular software updates. |
| Q: Where is the solution and platform hosted ? |
| Solution hosted on Cloud . Singapore DATA Center. |
| Q: Describe the data protection methodology |
| Data is protected by cloud platform encryption methodology |
| Q: Describe the regular test backup and recovery processes. |
| We are taking daily backup of databases and following monthly restoration testing of the backup taken. |
| Q: Explain the controls for intrusion detection, perimeter security, physical security and security patching |
| We have a web application firewall on the cloud to protect web applications for the intrusion attacks. |
| Q: Describe the regular test backup and recovery processes. |
| We are taking daily backup of databases and following monthly restoration testing of the backup taken. |
saas model
High availability is provided out of the box in SaaS model and for On SGNamecard deployments software has capability to be deployed in high availability mode. The SGNameCard team SaaS architecture uses a multi-tenant data model to host all its data. Data for each tenant is held separately. All user data is protected from unauthorized access. This security policy was last updated on 22nd December 2021
Integrity
Data Security - Data is protected both at rest and in motion Auditability - Appropriate audit of all key activities are maintained
Technical & Software Support Availability
With the increasing use of technology in modern times, there is a growing requirement to provide technical support.
SGNameCard was amongst the first Digital Business card companies to have technical support and customer service departments.
These are often referred to as MSPs (Managed Service Providers)
Q: What hours is your Technical Support department available?
9am to 12am Singapore time (GMT +8)
Q: Describe how support issues are logged.
Customers will email us to our support group they will rectify within 24hrs time.
Q: Detail your problem escalation procedure.
itsecurity@sgnamecard.com.sg will address the issues if not solve escalate to itsupporturgent@sgnamecard.com.sg