Security
How is data secured?
Sensitive data is split and stored in encrypted format. In transit, all database connections, intra micro-service connections and UI connections are encrypted via TLS.
Does PrivX support limiting certain functionalities per protocol, e.g. denying port forwarding on an SSH tunnel or the clipboard in an RDP session?
Yes, channel controls are available. However, note that with SSH exec you can get the shell even when it is disabled on the ssh-channel listing.
Does PrivX support the least privilege principle for granting access to managed resources?
Yes, this is the main principle of PrivX Role Based Access (RBAC). Roles can be defined on multiple elevation levels and grant access rights based on IDM/AD/AAD or ServiceNow.
Does PrivX undergo security testing before release to the market?
Yes, PrivX goes through various security testing: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and penetration testing (by a 3rd party) are performed during development and before final release to the market.