Key Security Principles

- Defence in Depth: Multiple layers of security controls
- Least Privilege: Minimum permissions granted for users
- Zero Trust: Verify every request, trust nothing
- Data Isolation: Complete separation between tenants
- Continuous Monitoring: Real-time threat detection & response
Architecture Security - Multi-Tenant Isolation

| Component | Security Control |
| --- | --- |
| Database | Dedicated SQL Server database per tenant: complete schema isolation |
| Authentication | User-tenant mapping enforced at application layer before data access |
| Encryption | TDE (Transparent Data Encryption) enabled on all tenant databases |
| Backups | Per-tenant backup policy with independent restore capabilities |
Benefits of Database-Per-Tenant

- Complete data isolation: No possibility of cross-tenant data leakage
- Independent scaling: Each tenant scales based on usage
- Simplified compliance: Clear data boundaries for regulations
- Performance isolation: One tenant's load doesn't impact others
- Easy data portability: Tenant data exported as a complete unit
Architecture Tiers

- Physical Tier: Managed by the customer on-premises
- Data Processing & Storage: Custom C# code + MS SQL Server
- Reporting Tier: Internal facing, custom code + Power BI
- Development Language: C# leveraging the .NET framework
- Third-party relationships: Everything is developed in-house
Authentication & Authorization
Multi-Factor Authentication (MFA)
All user accounts require MFA using email-based verification codes as an additional security layer beyond passwords.
- 6-Digit Codes: Cryptographically secure random codes generated per session
- 5-Minute Expiry: Limits the window for code interception attacks
- 60s Resend Cooldown: Prevents automated brute-force attempts
- Single-Use Codes: Each code is invalidated immediately after successful use
- Audit Trail: All MFA emails are logged for security review
- No Clear-Text Logins: No plain-text logins to any internet-accessible systems
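The MFA code lifecycle described above (CSPRNG-generated 6-digit code, 5-minute expiry, 60 s resend cooldown, single use), as an added C# illustration written for this page and not the vendor's own code: the class, method and enum names are assumed, and an in-memory dictionary stands in for whatever store the real application uses.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration of the MFA code lifecycle; not the vendor's code.
// Assumed names: MfaCodeService, IssueResult, VerifyResult.
public enum IssueResult { Sent, CooldownActive }
public enum VerifyResult { Ok, Invalid, Expired, AlreadyUsed, NoCode }

public sealed class MfaCodeService
{
    private static readonly TimeSpan Expiry = TimeSpan.FromMinutes(5);
    private static readonly TimeSpan ResendCooldown = TimeSpan.FromSeconds(60);

    // Only a hash of the code is stored, so a leaked store yields no usable codes.
    private sealed record Entry(byte[] CodeHash, DateTimeOffset IssuedAt, bool Used);
    private readonly Dictionary<string, Entry> _store = new(); // stand-in for the real store
    private readonly Func<DateTimeOffset> _now;                  // injectable clock for testing

    public MfaCodeService(Func<DateTimeOffset> clock) => _now = clock;

    // Issues a fresh code for the session, or refuses while the 60 s cooldown is active.
    public IssueResult Issue(string sessionId, out string code)
    {
        code = null!;
        if (_store.TryGetValue(sessionId, out var prev) && _now() - prev.IssuedAt < ResendCooldown)
            return IssueResult.CooldownActive;

        // CSPRNG rather than System.Random; zero-padded so the full 10^6 space is used.
        code = RandomNumberGenerator.GetInt32(0, 1_000_000).ToString("D6");
        _store[sessionId] = new Entry(Hash(code), _now(), Used: false);
        return IssueResult.Sent; // caller e-mails the code and writes the audit-log entry
    }

    // Checks a submitted code: unknown session, reuse, expiry and mismatch are distinct outcomes.
    public VerifyResult Verify(string sessionId, string submitted)
    {
        if (!_store.TryGetValue(sessionId, out var e)) return VerifyResult.NoCode;
        if (e.Used) return VerifyResult.AlreadyUsed;
        if (_now() - e.IssuedAt > Expiry) return VerifyResult.Expired;
        // Constant-time comparison so timing does not reveal how many digits matched.
        if (!CryptographicOperations.FixedTimeEquals(Hash(submitted), e.CodeHash))
            return VerifyResult.Invalid;
        _store[sessionId] = e with { Used = true }; // single use: a second attempt is rejected
        return VerifyResult.Ok;
    }

    private static byte[] Hash(string s) => SHA256.HashData(Encoding.UTF8.GetBytes(s));
}
```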
Role-Based Access Control (RBAC)
| Role | Access Level | Capabilities |
| --- | --- | --- |
| SuperAdmin | Platform-wide access across all tenants | Tenant management, user administration, system configuration, audit log access |
| Admin | Tenant-specific administrative access | User management within tenant, configuration, imports/exports, reporting |
| User | Standard read access within assigned tenant | Dashboard viewing, report generation, data export (own data only) |
Data Security & Encryption
Data at Rest

- Database encryption: TDE with AES-256
- Backup encryption: Customer-managed keys
- File storage encryption: Azure Storage Service Encryption
- Key management: Secure encrypted key management
Data in Transit

- TLS 1.3: All client-server communication encrypted
- HTTPS enforcement: HTTP auto-redirected to HTTPS
- Database connections: Encrypted SQL Server connections with certificate
- API integrations: OAuth 2.0 with TLS for external services
Application Security
Code Security Practices
- Input validation: All user input validated and sanitized
- SQL injection prevention: Parameterized queries via Entity Framework Core
- XSS protection: Razor auto-encoding + Content Security Policy
- CSRF protection: Anti-forgery tokens on all state-changing operations
- Secure session management: HTTP-only cookies, SameSite=Strict
Dependency Management
- Automated vulnerability scanning: NuGet packages scanned for known CVEs
- Regular updates: Monthly review and update of dependencies
- Security patches: Critical patches applied within 48 hours
- Version pinning: Explicit version specifications in project files
Incident Response
Response Phases

1. Detection & Analysis: Automated alerts trigger investigation within 15 minutes
2. Containment: Isolate affected resources, prevent lateral movement
3. Eradication: Remove the threat and close identified vulnerabilities
4. Recovery: Restore normal operations with enhanced monitoring
5. Post-Incident Review: Lessons learned and process improvement
Incident Classification

| Severity | Response | Examples |
| --- | --- | --- |
| P1 Critical | 15 minutes | Data breach, auth bypass, ransomware |
| P2 High | 1 hour | Privilege escalation, DDoS attack |
| P3 Medium | 4 hours | Suspicious login patterns, vulnerability |
| P4 Low | 24 hours | Policy violations, config issues |
Business Continuity & Recovery Objectives
- Recovery Time Objective (RTO): Critical systems restored within 4 hrs
- Recovery Point Objective (RPO): Maximum acceptable data loss of 1 hr
- Availability SLA: 99.9% guaranteed platform uptime