Your data is safe with EMDESK

Enterprise-class security, access controls, and action logs that provide peace of mind.

Enterprise-grade security

EMDESK understands that your projects contain personal, restricted, or classified data that is core to your organization’s activity and competitive advantage.

Security and confidentiality are our highest priority. EMDESK is designed from the ground up with security in mind. We put enterprise-class security measures in place with strong technical, logical, and legal precautions to protect your data from loss or unauthorized access. We make sure your data is safe and secure by providing multiple layers of protection, as well as controls that enable you to meet your security needs.

Developed and hosted in Germany

EMDESK is built exclusively by our employees with proven experience and reliability who are located in our headquarters in Germany. The production systems and customer data are stored in secure data centres with Open Telekom Cloud (OTC) in Germany.

Infrastructure security

To ensure the highest infrastructure security, EMDESK is hosted with the Open Telekom Cloud (OTC) – one of the most secure and modern cloud data centres in the world. OTC infrastructure, as well as data backup, is operated in Deutsche Telekom’s highly secure twin-core data centres in Magdeburg and Biere, Germany. All services are strictly regulated and are regularly checked and certified by independent institutions in order to meet the latest security and data protection requirements (TISAX, Trusted Cloud, ISO 14001, ISO 22301, ISO 9001, ISO 20000, ISO 27001, ISO 27017, ISO 27018, CSA Star Level 2, TÜV Trusted Cloud Service, TCDP version 1.0). For more information, visit: https://open-telekom-cloud.com/en/security/data-centers

Ferri Abolhassan, Director of T-Systems’ IT Division responsible for Telekom Security, says that “Companies find what they are looking for in Biere: the highest level of security and reliability coupled with strict German data protection – an unbeatable combination.”

OTC’s data processing is strictly regulated by the German data protection act and is compliant with GDPR, which is certified in accordance with the Trusted Cloud Data Protection Profile (TCDP) 1.0. For more information, visit: https://open-telekom-cloud.com/en/security/data-protection-and-compliance

Data segregation & confidentiality

The production systems, the database and the network are physically and logically separated from the enterprise infrastructure. In addition, we separate customer accounts logically at the data layer.

There are strict security policies for employees’ access. Access to customer data is only a last resort option, strictly controlled and logged, technically and legally limited to a handful of employees to ensure appropriate customer support under strict confidentiality conditions and supervision of senior management.

To connect to our production infrastructure, employees must use secure authentication that is identity-based and restricted based on employee role using a least-privilege approach.

Our employees are trained on data protection and legally obliged to non-disclosure. When evaluating access levels, the security workgroup takes into account employee experience levels, responsibilities, and internal risk assessments.

Software development security

The software architecture and release cycle are designed to protect against security breaches. EMDESK uses a version control system to track changes to our code base. Changes to the architecture and code must follow the internal coding principles, security policies, and industry best practices for security. Changes are pushed to a staging server for thorough review and must pass numerous manual and automated tests before being released into production. At regular intervals, our development advisory team conducts source code reviews.

Releases are typically deployed outside typical European business hours during a planned downtime period. Urgent changes can be made available on demand (e.g. a security patch).

User authentication

Each user in EMDESK has a unique account with a verified business email address. EMDESK forces users to set account passwords validated against password policies with high security criteria, including complexity, reuse, and expiration requirements. Passwords are hashed and salted in accordance with industry best practice. 2-Factor Authentication is available as an additional security measure to protect EMDESK accounts. User sessions and IP addresses are individually tracked and can be individually audited or revoked by their user. We have a maximum session duration configured.

Precise access control

Client administrators and managers administer user provisioning on their account, and have the option to control access through a precise and cascading permission system. This allows admins to control each user’s or user group’s access throughout the project, while allowing project managers to further delineate permissions.

Project participation is limited to users invited to the project by a user with sufficient permissions, and ranges from full administrative privileges for that project, through read/edit/manage permissions per section or element, to read-only access.

Data encryption

EMDESK protects all data in transit or at rest using industry-standard Transport Layer Security (TLS) and AES encryption. AES encryption is used for the transmission of any customer data between our data centre locations, as well as between our data centres and end user devices. User files uploaded to EMDESK servers are automatically encrypted with AES-256 using per-file keys. These encryption keys are stored in a secure key vault, which is a separate database decoupled from the file storage layer.

Data redundancy, backup, and recovery

EMDESK’s data protection model provides near real-time database replication to ensure that customer data is both secure and available on redundant and geographically distributed servers in Germany. The exchange of data between them runs via their own network, separate from the internet.

A full backup is performed daily, encrypted, and stored in an environment separate from the primary servers to ensure fault tolerance. In an emergency, customer data from the past can be restored. Even in the unlikely event of multiple server failures, major disruptions, or disasters, we can recover the entire production system from our disaster recovery site, which includes a live updated standby database system.

Action traceability, content, and document recovery

The Activity Tracker logs all updates and actions along the entire project lifecycle with all details, user identity, and timestamps. This gives you control and traceability at all times.

If a user deletes project items, files, or folders from the workspace, EMDESK puts them into a separate recycle bin. Client administrators and managers can safely recover deleted items from the project’s recycle bin for 120 days after deletion.

With built-in document versioning, EMDESK saves a history of all previous versions of files, and allows you to restore them for up to 30 days. Unlimited version history is available on a per-document basis.

Privacy and GDPR compliant

EMDESK is committed and obligated by European and German law to protect the privacy of users and their data. The EU’s General Data Protection Regulation (GDPR) and the German federal data protection act (BDSG) force organizations based in Germany and the EU, but also those outside of the EU processing the personal data of people residing in the EU, to comply with these regulations. These laws give users greater security, transparency, and control of their personal data online – a principle we couldn’t agree more with.

We have certified our services, for which we act as data processor, under GDPR / BDSG. We have established processes to ensure that we respect your rights to erasure, rectification, data portability, information, restriction, and to be forgotten. We maintain a personal data registry pursuant to Article 30 of the GDPR. It lists the type of personal data, where the personal data is stored, maintained, and processed, any data flow, who the responsible party is, and the retention times. For more information, see our Privacy Policy.

Availability and reliability (99.9% uptime)

We strive to ensure availability of more than 99.9% across all services, with all scheduled maintenance taking place outside typical European business hours. Over the years of continuous operation, EMDESK has reached or exceeded 99.9% uptime. Most updates and maintenance of production systems require no downtime. Production systems are hosted in the Open Telekom Cloud (OTC) and we operate multiple redundant systems that are resistant to any single point of failure. OTC can guarantee permanent data availability of up to 99.999 percent, which corresponds to Tier 3+ security. We publish the availability, which is tracked by external monitoring.

Monitoring

Application performance and safety are monitored around the clock by our in-house operations team. We test for intruders and attacks. We implement an Intrusion Detection System (IDS) with alarms to warn of suspicious activity. System and network logs are sent off-site to help respond to incidents and analyse root causes. We monitor all common vulnerabilities and exposures (CVEs) for our environment and typically patch critical vulnerabilities within 24 hours. To detect security vulnerabilities, EMDESK uses a combination of automated scanning, penetration testing, and third-party security research.

Business continuity

We have a proven track record and trusted customers for over a decade. Through years of successful and growing business since 2008 with thousands of users and organisations, including hundreds with long-term subscriptions, we are committed to, and financially secure in, delivering our services over the next decade.

CNRS – The French National Center for Scientific Research
VTT – Technical Research Centre of Finland Ltd.
KIT – Karlsruhe Institute of Technology
University College London
TU Munich
SAP

Contact us

We understand that you may have specific concerns that are not addressed on this page and we encourage you to contact us if you have any questions about EMDESK’s security and compliance procedures. Please note that EMDESK is committed to the continuous improvement of its security practices and the information on this page is subject to change.