The following are some of the security features that Qtis offers in its core system:
In addition to entering an email address and password, users can also implement a one-time use passcode (OTP) required for a user to login. This feature, which updates for every new login adds another level of protection for system users mitigating the compromise of unwanted access.
Qtis employs AES encrypting of passwords. The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations.
90 Day Password Rule
Users are required to change their login passwords every 90 days.
Logging in to Qtis is important and we also considered the fact that some may reuse passwords. Therefore, Qtis will remember the previous 5 passwords and will not allow users to reuse a password that has been used recently.
Login Blocked after 5 Failed Login Attempts
Qtis will lock an account down if a user attempts to login 5 times and the credentials are incorrect. While some companies use a timeframe of 1 hour increments to block logins, others may use IP addresses. We won’t share which one we use but know we’ve considered all options and have deployed the most beneficial for our clients.
We utilize the latest Secure Socket Layer (SSL) encryption technology available to protect the privacy of our client’s data.
Data in Transit
Our database connections are encrypted with standard authentication and the same SSL encryption technology mentioned previously. At no point in the network path will data be unencrypted.
Our SQL database are encrypted with standard authentication and the same SSL encryption technology mentioned previously.
Qtis offers granular user permission settings to minimize the opportunity for error and keep a close eye on who has access to what by department and by case.
Enjoy comprehensive access logs detailing date, time, and user, for every single action performed in Qtis. Device information, along with IP address information, is collected every time a user logs in to the system.
We understand that every business is different and has unique needs, which is why we offer the option for your Qtis to utilize either a local server or a cloud server to host your data. Keep a physical, on-site local server, or enjoy the industry-leading security standards of AWS cloud hosting.
Full Audit Trail
Access detailed information of all activities inside of Qtis. Whether its data changes or user activity, Qtis will register actions and can be traced back to a user and a device on any given date and time.
By timing sessions for each individual user, Qtis logs inactivity and cues an automatic logoff after remaining inactive for a certain amount of time, allowing for further protection of private data and eliminating data breaches caused by oversights. Although this can be customized by the client, by default we have it set to 5 minutes of inactivity. When Qtis logs the user off, it also registers the reason for logging the user off during the session in the audit trail.
Safeguarding Your Software, Before, During and After Deployment
Our dedicated quality assurance engineers understand that with the exponential growth and diversification of sensitive data and complex regulatory landscape, the risk for security breaches and IP theft has only grown. That’s why we provide the most thorough QA and security protocol programming solutions possible.
Software Security Solutions
Our experts provide IT security solutions for networks, mobile applications, servers, web apps, databases, big data servers, web services and more to protect against potential internal, external and accidental security threats. We perform risk assessments, security audits, data threat analyses, data mapping and classification services and expert- level encryptions, as well as continuous system monitoring.
Identity and Access Management
We implement enterprise-level Identity and Access Management (IAM) protocols, enabling your IT team to easily handle privileged access and entitlement management, access certification and remediation, role-based provisioning, embedded credential management and more.
Governance, Risk and Compliance
Our risk management solutions are designed for complete compliance with government- sanctioned regulations and industry best practices for data integrity. We perform thorough internal audits and ensure all data is properly classified, security infrastructure baseline standards are met, and third-party software is similarly compliant.
Application Security Solutions
When building a custom mobile or web application, we introduce robust security protocols into the development lifecycle as early as possible, automating code reviews and tests when we can. In addition to performing enterprise-wide dynamic application security tests (DASC), we check individual apps for ineffective security standards, business logic flaws, injected stealth code (malware, hidden sites, backdoors), poorly structured deployment environments and more.
Cyber and Infrastructure Security
After performing system-wide risk assessments, we implement proactive cyber security solutions that provide real-time visibility for the whole enterprise’s IT infrastructure. Our solutions include file integrity monitoring, firewall auditing and next-gen firewall (NGFW) implementation, network access control, intrusion detection and prevention systems (IDS/IPS) and advanced persistent threat (APT) protection.
Security Testing Solutions
Our dedicated QA engineers stage proactive white, gray and black box penetration tests throughout the development lifecycle to detect configuration errors, software bugs and backdoors that can be exploited by hackers. We enact system-wide backup and disaster recovery solutions before pen testing to ensure the integrity of the entire IT infrastructure while performing these simulations.
Sensitive data is encryption in config file to protect SQL Connections, passwords, User IDs and services.
Code binaries are obfuscated to protect from reverse engineering the code. This protects hashing and encryption keys along with code logic.