Authing安全与合规-一站式身份认证-零信任网络-Authing身份云以开发者为中心

Safety and security policy

With the development of the company, complex personnel management and user access behavior in different scenarios will bring potential threats to the network. Whether the system access behavior and employee account status can be monitored in a timely and effective manner has a great impact on company security. Moreover, security audits that fail to record login information and ignore identity management will also threaten the security of the system, and for login anomalies and Illegal authorization to access and other phenomena can not be found in a timely manner to deal with; can not grasp the process of account privileges granted, the accident can not be traced. At the same time, a manual audit is inefficient and error-prone.

Authing solution

Visual security audits

User behavior audit: records every user visit, including time, visitor, location (IP address, machine number), as well as the application logged in, whether the login was successful or not.

Administrator behavior audit: records administrator account permission assignment operations.

Application access: helps enterprises understand the real access situation of each application, help determine the value of software usage and optimize IT investment costs.

Multi-factor login

Authing smart platform will monitor users for suspicious logins or abnormal behavior and will automatically enable multi-silver authentication based on the situation, greatly improving security.

Support for customization by person/department

Password management

Authing supports the custom setting of strong password policy for successful login, etc.

Set different password policies for different people (groups)

Encrypted transmission and storage

Data storage is encrypted by AES-256 algorithm.

Data are encrypted and transmitted through SSL/TLS protocol.

2048-bit RSA key is managed by KMS management key, and the key is rotated periodically to ensure high security of one password at a time.

Adaptive MFA for Account Login.

Detailed Data Access and Operation Log Audit.

Client Data Security Policy Management.

Data High Availability, Multiple Copy Redundancy Storage and full backup on a regular basis.

To ensure data availability, integrity and data security

In all aspects, security defenses.

Full life-cycle security protection

7x24-hour security emergency response | Two locations and three backup centers to ensure quick recovery in case of disaster | All-round guarantee to provide continuous and stable service.

Compliance

As an enterprise-level SaaS service and identity service provider that concerns the core secrets of enterprises, Authing always puts security in the first place. Authing has international authoritative security certification and mature information security management system to secure the whole life cycle of software, with reliable data security protection and round-the-clock security emergency response measures.

ISO Quality System Certification

ISO 9001 quality system certification is the foundation of enterprise development and growth. Authing's acquisition of this certification is a full affirmation of our long-term work in the construction of a privacy compliance system. The Authing security team has been committed to protecting user privacy and data security and providing users with transparent, efficient, safe and reliable services.

GDPR General Data Protection Regulation

The General Data Protection Regulation, referred to as GDPR, is a regulation of the European Union. The predecessor was the "Computer Data Protection Law" formulated by the European Union in 1995. Authing’s data center, management system, R&D, and functional departments have passed this certification, which means that we have been benchmarked with international standards in the field of information security management, have sufficient information security risk identification and control capabilities, and can provide global customers with safe and reliable service.

Authing was included in White Paper on China Cyber Security Industry (2018).

When Authing was first launched, it was selected as an "Innovative Enterprise in Domestic Identity Management and Access Control" by the China Institute of Information and Communications Technology (CIIT) and was included in White Paper on China Cyber Security Industry (2019).

Three levels of protection

Ministry of Public Security Information Security Level 3 Certification GB/T 22239-2008 Information Security Technology Information System The Basic Requirements for Security Level Protection, referred to as Security Level Protection, is an information security standard issued by the Standardization Administration of China. It is a basic system of information security in China. The level is divided into 1 to 5 levels according to the importance of the information system from low to high, and different security levels implement different protection strategies and requirements. the Authing uses a Level 3 information system protection strategy that has been successfully evaluated by a professional evaluation organization. signifies that we have security protection capabilities recognized by the authority in terms of physical, network, host, application and data. And it reached a high level in the industry.