The following is a list of security features that Qtis offers in its core system:
In addition to entering an email address and password, users can also enable a one-time passcode (OTP) that is required to log in. This passcode, which changes for every new login, adds another level of protection for system users, mitigating the risk of unwanted access.
Qtis employs AES encryption of passwords. The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations.
90 Day Password Rule
Users are required to change their login passwords every 90 days.
Logging in to Qtis is important and we also considered the fact that some may reuse passwords. Therefore, Qtis will remember the previous 5 passwords and will not allow users to reuse a password that has been used recently.
Users are required to set passwords that are at minimum 12 characters in length, include special characters, letters, numbers, upper case and lower case.
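The three password rules above (90-day expiry, no reuse of the previous 5 passwords, 12-character complexity) can be enforced together as in the following added example. It is not Qtis code: the class and function names are hypothetical, and keeping the history as salted PBKDF2 digests is an assumption, since the page does not describe how the history is stored.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

MIN_LENGTH = 12                 # page: at minimum 12 characters
HISTORY_DEPTH = 5               # page: the previous 5 passwords are remembered
MAX_AGE = timedelta(days=90)    # page: passwords change every 90 days

def _digest(password, salt):
    # Assumption: history entries are salted PBKDF2-HMAC-SHA256 digests,
    # so old passwords are never kept in recoverable form. Iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_errors(password):
    """Return the list of complexity rules the candidate password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 12 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [message for ok, message in checks if not ok]

class PasswordRecord:
    def __init__(self):
        self.history = []        # (salt, digest) pairs, newest last
        self.changed_at = None   # time of the last successful change

    def is_reused(self, password):
        recent = self.history[-HISTORY_DEPTH:]
        return any(hmac.compare_digest(_digest(password, s), d) for s, d in recent)

    def is_expired(self, now):
        return self.changed_at is None or now - self.changed_at > MAX_AGE

    def change(self, password, now):
        """Apply all rules; store the password only if none is broken."""
        errors = complexity_errors(password)
        if self.is_reused(password):
            errors.append("matches one of the previous 5 passwords")
        if not errors:
            salt = os.urandom(16)
            self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]
            self.changed_at = now
        return errors
```

Here the current password counts as one of the 5 remembered entries; a system that excludes it would keep one more digest.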
Login Blocked after 5 Failed Login Attempts
Qtis will lock an account down if a user attempts to log in 5 times and the credentials are incorrect. While some companies use a timeframe of 1-hour increments to block logins, others may use IP addresses. We won’t share which one we use, but know we’ve considered all options and have deployed the most beneficial for our clients.
We utilize the latest Secure Socket Layer (SSL) encryption technology available to protect the privacy of our clients’ data.
Secure transfer of data. We have enabled the HSTS protocol (HTTP Strict Transport Security) on all of our servers. The HTTP port is also auto-redirected to HTTPS, and HSTS core headers are set for Production environments.
Data in Transit
Our database connections are encrypted with standard authentication and the same SSL encryption technology mentioned previously. At no point in the network path will data be unencrypted.
Our SQL databases are encrypted with standard authentication and the same SSL encryption technology mentioned previously.
User Permissions & Controls
Qtis offers granular user permission settings to minimize the opportunity for error and keep a close eye on who has access to what by department and by case.
Immediate Termination of Active Sessions
When permissions are changed or any system users are disabled, any active sessions will be immediately terminated and the user will be logged out. The user will not be able to regain access unless the account is enabled by their administrator.
Enjoy comprehensive access logs detailing date, time, and user, for every single action performed in Qtis. Device information, along with IP address information, is collected every time a user logs in to the system.
We understand that every business is different and has unique needs, which is why we offer the option for your Qtis to utilize either a local server or a cloud server to host your data. Keep a physical, on-site local server, or enjoy the industry-leading security standards of AWS cloud hosting.
Full Audit Trail
Access detailed information on all activities inside of Qtis. Whether it’s data changes or user activity, Qtis registers actions, which can be traced back to a user and a device on any given date and time.
By timing sessions for each individual user, Qtis logs inactivity and cues an automatic logoff after remaining inactive for a certain amount of time, allowing for further protection of private data and eliminating data breaches caused by oversights. Although this can be customized by the client, by default we have it set to 5 minutes of inactivity. When Qtis logs the user off, it also registers the reason for logging the user off during the session in the audit trail.
Safeguarding Your Software, Before, During and After Deployment
Our dedicated quality assurance engineers understand that with the exponential growth and diversification of sensitive data and complex regulatory landscape, the risk for security breaches and IP theft has only grown. That’s why we provide the most thorough QA and security protocol programming solutions possible.
Software Security Solutions
Our experts provide IT security solutions for networks, mobile applications, servers, web apps, databases, big data servers, web services and more to protect against potential internal, external and accidental security threats. We perform risk assessments, security audits, data threat analyses, data mapping and classification services and expert-level encryptions, as well as continuous system monitoring.
Identity and Access Management
We implement enterprise-level Identity and Access Management (IAM) protocols, enabling your IT team to easily handle privileged access and entitlement management, access certification and remediation, role-based provisioning, embedded credential management and more.
Governance, Risk and Compliance
Our risk management solutions are designed for complete compliance with government-sanctioned regulations and industry best practices for data integrity. We perform thorough internal audits and ensure all data is properly classified, security infrastructure baseline standards are met, and third-party software is similarly compliant.
Application Security Solutions
When building a custom mobile or web application, we introduce robust security protocols into the development lifecycle as early as possible, automating code reviews and tests when we can. In addition to performing enterprise-wide dynamic application security tests (DAST), we check individual apps for ineffective security standards, business logic flaws, injected stealth code (malware, hidden sites, backdoors), poorly structured deployment environments and more.
Cyber and Infrastructure Security
After performing system-wide risk assessments, we implement proactive cyber security solutions that provide real-time visibility for the whole enterprise’s IT infrastructure. Our solutions include file integrity monitoring, firewall auditing and next-gen firewall (NGFW) implementation, network access control, intrusion detection and prevention systems (IDS/IPS) and advanced persistent threat (APT) protection.
Security Testing Solutions
Our dedicated QA engineers stage proactive white, gray and black box penetration tests throughout the development lifecycle to detect configuration errors, software bugs and backdoors that can be exploited by hackers. We enact system-wide backup and disaster recovery solutions before pen testing to ensure the integrity of the entire IT infrastructure while performing these simulations.
Sensitive data is encrypted in the config file to protect SQL connections, passwords, user IDs and services.
Anti Virus on AWS Cloud Services
Anti-Virus is enabled on our EC2 databases. We are using AWS RDS (Relational Database Service) for our web server.
IP Restrictions: can be set by the user. This requires the user to be logged in from that unique IP address in order to allow logins. This setting is per user account. Super admins can set these IP restrictions at the tenant level.
Smart Tokens: a cryptic unique value/file that is downloaded after the first successful login on any device, including computers and phones.
New Sign in Location Notification
Users will receive an email notifying them of a new login from a new location. This allows our clients to rest assured that they will be notified every time their system is accessed from a new location, no matter the day or the time.