Security
Customer trust and data security are critical to everything we do at Marvia. Every day we ensure that our security is in line with industry standards and compliance requirements.
Software Security
SSO
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
Permissions
Marvia is a SaaS subscription accessible globally via a web browser. A strict roles system secures our solution. We enable permission levels within the tool to be set for users and groups. Permissions can be set to include:
- Access to modules/features
- Access to actions
- Access to content
- Rights within templates
- Access to designated parts of the admin
- Rights to download/order with or without workflow
Password and Credential Storage
Marvia enforces a password complexity standard and uses OpenSSL encryption and decryption to store credentials and sensitive data. The encryption algorithm used is the one specified by the Advanced Encryption Standard (AES).
Uptime
We have an uptime of 99.9% or higher.
Network and Application Security
Data Hosting and Storage
Marvia's services and data are hosted in Amazon Web Services (AWS) facilities in Frankfurt (eu-central-1). All hosting and storage are 100% aligned with the restrictive EU data protection laws. AWS is renowned for rigorous security. For their hosting compliance, please visit AWS Amazon.
Failover and DR
Marvia was built with disaster recovery in mind. Our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centers fail.
Virtual Private Cloud
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.
Back-Ups and Monitoring
On an application level, we produce audit logs for all activity. Our certified AWS hosting and security partner, Webslice, manages the server logs within AWS. All actions and activities in the Marvia application are logged in the database. Our database is backed up every 24 hours.
Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. Marvia is served 100% over HTTPS. We have Single Sign-on (SSO) and strong password policies on Google, AWS, and Marvia to protect access to cloud services.
Encryption
All data sent to or from Marvia is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only. SSL/TLS certificates are used to secure network communications and establish the identity of Marvia over the Internet and resources on private networks.
The SSL and TLS protocols use an X.509 certificate (SSL/TLS server certificate) to authenticate both the client and the back-end application. An X.509 certificate is a digital form of identification issued by a certificate authority (CA). It contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer.
Pentest and Vulnerability Scanning
Marvia uses third-party security tools to scan for vulnerabilities continuously. Periodically we engage third-party security experts to perform detailed penetration tests on the Marvia application and infrastructure.
Incident Response
Marvia implements a protocol for handling security events, including escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.
In case of a 'critical incident' or 'security breach', Marvia will immediately inform its clients. Marvia will take all necessary steps to reduce the impact and prevent a recurrence.
Subprocessors
Marvia uses the following subprocessors:
- Amazon Web Services (AWS): for physical server hosting of the application
- Webslice: for managing the servers at Amazon
Additional Security Features
OS Protection
All Marvia employees are obliged to work with up-to-date operating systems and software. Internal rules around a clean desk, clear screen, encrypted laptops, password managers, 2FA, mobile storage devices, and virus scanners are described in the Marvia Employee Handbook.
Physical Security
Marvia has a set of measures in place to guard the physical security of its employees and office. These are described in our internal security policy and are reviewed annually.
Training
All employees complete Security and Awareness training annually.
Policies
Marvia has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Confidentiality
All employee contracts include a confidentiality agreement.
Security Questions?
If you think you may have found a security vulnerability, please get in touch with our security team at security@getmarvia.com. Make sure you check out our responsible disclosure and bug bounty policy first.
Learn more about Marvia by reading our Privacy Policy.