Protege tus datos y cumple con las normativas

Para proteger los documentos, las fotos y los archivos adjuntos que los usuarios cargan, Procore utiliza los centros de datos de alta seguridad de Amazon Web Services (AWS), S3 (Amazon Simple Storage Service). Amazon Web Services proporciona herramientas de categoría empresarial que han demostrado ser confiables y seguras para las aplicaciones web actuales.

Procore emplea muchas de las normas de encriptación de datos que usan los grandes servicios de banca en línea. Los datos en reposo se encriptan y almacenan al resguardo de los firewalls de Procore en una infraestructura de nube privada y segura.

La arquitectura de seguridad de red de Procore emplea el protocolo de Seguridad en la capa de transporte (TLS) v1.2 para garantizar que la interacción de los usuarios con Procore a través de Internet sea segura y que las transmisiones no sean vulnerables frente a atacantes externos. Para los datos en tránsito, Procore utiliza encriptación de 256 bits. Los datos que fluyen entre Procore y el usuario se encriptan con HTTPS protegido por TLS v1.2. La principal ventaja de TLS es la protección de los datos de una aplicación web contra la divulgación y la modificación no autorizadas cuando se transmiten entre clientes (navegadores web) y el servidor de la aplicación web, así como entre el servidor de aplicaciones web y el back end u otros componentes empresariales que no se ejecutan en un navegador.

Procore mantiene una estrategia robusta de “alta disponibilidad” para proteger a sus clientes contra problemas de software, fallas de hardware e incluso catástrofes naturales a gran escala. Procore conserva varias copias del software de las aplicaciones en cada servidor. Todos los datos se copian a un almacenamiento fuera de las instalaciones cada 20 minutos. Luego, se usan tecnologías de replicación para distribuir estas instantáneas sin conexión a distintas partes de Estados Unidos. Conservamos el software en docenas de servidores y guardamos copias remotas en distintos centros de datos seguros. Esta diversidad ofrece protección contra fallas de hardware y problemas locales en el servicio.

Procore employs what many consider the industry standard for API authorization - OAuth 2.0. The OAuth 2.0 authorization framework provides a secure means of authorizing and authenticating access to user data for third-party applications. OAuth 2.0 relies on SSL (Secure Sockets Layer) to ensure data transfer between the web server and browsers remains private and is kept safe. OAuth 2.0 is designed to protect Procore user data by providing access without revealing the identity of the user. Third-party applications make requests on behalf of the user without accessing passwords and other sensitive information.

Procore secures 3rd party application access to customer data with 3 methods:

• Applications can only be installed by a user who has authenticated successfully and has the correct permissions of company administrator as defined by the RBAC model for the account.

• When an application is installed, an OAUTH2 token is generated to authorize a specific scope for data access based on what the application needs to function.

• Data transfers via API are secured with TLS 1.2 as described above.

Any data being transferred is encrypted, which means the information is converted to a code that can only be understood at the other end, at its intended destination. Procore follows some of the strongest industry standards for encryption. We use firewalls, which block unauthorized access to information while enabling outward communication. Data is encrypted when it is stored on servers, as well.

Ensuring access to business information is one of the greatest benefits to using a cloud-based service. Backup copies of information are kept in alternate locations in case of a disaster, which is known as redundancy. And the software is scanned for any anomalies to detect coded threats, without actually reading the information. We have a dedicated team to monitor and respond to network threats, rather than a customer trying to do it all on their own. Procore has a set of procedures to follow called an Incident Response Plan to help ensure business continuity to our users.

First, there are IT security management standards, which you could compare to the kinds of standards you see around building or manufacturing. (ISO) 27001:2013 Is a framework for confidentiality, integrity and availability of information as well as legal compliance. SSAE18 SOC 2 Speaks to how we maintain confidentiality and security of data. Procore also engages third parties to review our program through an exercise called Penetration and Vulnerability Testing, as well as auditing and ensuring compliance with a number of industry standards. Next, Procore helps Customers meet their data protection regualtory requirements around what personal information can be collected, how it can be used, and who can access it.