Is Rencore Governance secure?

Yes! Rencore Governance was built from the start with the highest security standards in mind to comply with the requirements of our enterprise and government customers around the world.

Infrastructure

Rencore Governance infrastructure is hosted on Microsoft Azure and passes all built-in automated regulatory compliance checks and security controls (Azure CIS 1.1.0, PCI DSS 3.2.1, SOC TSP, ISO 27001).

Database

Rencore Governance uses Azure Storage Accounts. The storage accounts have strong built-in encryption in Azure, as well as firewalls and restricted network access. By using a no-SQL database, we eliminate the inherent risk of SQL injections as well as other OWASP TOP 10 risks posed by using SQL.

Encryption

All information is encrypted.  Azure Storage Accounts have built-in support for encryption at rest, and in-transit. In addition to this, we add another layer of cryptographic AES 256-bit industry-standard encryption around the data before it is transmitted to the storage.  All transmission from the application to the end-user are SSL encrypted. 

Application

In the future, we want to automate code security analysis, as well as penetration testing, against OWASP issues ensuring resilience against those threats. The codebase will automatically be scanned with vulnerability scanners and security analyzers during build.

Authentication

Rencore Governance uses Azure AD applications. Customers consent to these AAD apps to grant the Rencore Platform access to the data required to perform analysis and monitoring.  Customers can at any point revoke the App-Only or Delegated permissions granted to our applications.  Rencore never asks for or stores any usernames or passwords. 

For more detailed security information about the various components and the measures that we take to ensure the safety of our customer's data, please reach out to our team.