Your Data, Always Secure

Our mission is to give customers insight into their data. Our responsibility is to make sure that data is kept in a system using the highest security standards.

Onna has numerous attestations from third-party industry leaders and adheres to industry-accepted best practices and standards defined by NIST 800-53, SANS and OWASP, ensuring your data is safe at all times.

Data Storage

Your data is stored on a highly trusted cloud platform that has numerous attestations from third parties with regard to physical security, data center operations, and personnel security. We support two-factor authentication through SAML.

All of our servers run on private networks behind tightly controlled firewalls. We keep our development and production environments separate and limit production access to a few trusted individuals.

Data Encryption

We encrypt data while in transit and at rest. Data is stored on encrypted storage volumes. The Transport Layer Security (TLS v1.2) protocol is used to secure all communication between the desktop and web clients and the backend servers – nothing is ever sent in clear text.

Third-Party Integrations

We use the OAuth 2.0 protocol (token-based authentication) to connect to third-party data providers, such as Gmail, Dropbox, Office 365, and Slack. We will never ask for your credentials to these services and will securely store the authentication token that is generated by the service when you authorize our access. We only request from you the “must have” permissions for these service providers, which in most cases is read-only.

All public-facing services shall provide communication strictly through the Transport Layer Security protocol TLS v1.2. No data shall ever be exchanged with Onna systems in plain text or over known less secure SSL implementations.

Onna Compliance Certifications and Regulations

Onna is ISO 27001 and SOC 2, Type II certified.