Security

AgenterBooks gives Software as a Service(SaaS) products to millions of users worldwide to solve their business issues. Security is a key element in our offerings, and is reflected in our people, process, and items. This page covers topics like data security, operational security, and physical security to describe how we offer security to our customers.

Overview

Our security strategy involves the following components

Organizational security
Operational security
Physical security
Infrastructure security
Data security
Identity and access control
Incident management
Responsible disclosures
Vendor management
Customer controls for security

Organizational security

We have an Information Security Management System (ISMS) in place which takes into account our security objectives and the risks and mitigations concerning all the interested parties. We employ stern policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.

Employee background checks

Each employee undergoes a process of background verification. We hire reputed external agencies to do this check on our behalf. We do this to authenticate their criminal records, previous employment records if any, and educational background. Until this check is done, the employee is not assigned tasks that may pose risks to users.

Security Awareness

Every employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they go through training in information security, privacy, and compliance. Furthermore, we asses their understanding through tests and quizzes to determine which topics they require further training in. We give training on specific aspects of security, that they may require based on their roles.

Dedicated security and privacy teams

We have dedicated security and privacy teams that executes and manage our security and privacy programs. They engineer and preserve our defence systems, develop review processes for security, and continuously monitor our networks to discover suspicious activity. They offered domain-specific consulting services and guidance to our engineering teams.

Internal audit and compliance

We have a dedicated compliance team to review procedures and policies in Agenter books to align them with standards, and to determine what controls, processes, and systems are required to meet the standards. This team also does regular internal audits and facilitates independent audits and assessments by third parties. For more queries, check out our compliance portfolio.

Endpoint security

Workstations issued to Agenter employees run up-to-date OS version and are configured with anti-virus software. They are configured such that they comply with our standards for security, which need all workstations to be properly configured, patched, and be tracked and monitored by agenter books endpoint management solutions. These workstations are secured through as they are configured to encrypt data at rest, have secured passwords, and get locked when they are idle. Mobile devices utilized for business purposes are enrolled in the mobile device management system to ensure they meet up with our security standards.

Physical security

At workplace

We control access to our asset (buildings, infrastructure and facilities), where accessing includes consumption, entry, and utilization, with the help of access cards. We give employees, contractors, vendors, and visitors with separate access cards that only allow access strictly specific to the purpose of their entrance into the premises. Human Resource (HR) team establishes and keep up the purposes specific to roles. We keep up access logs to spot and address anomalies.

At Data Centres

At our Data Centres, a co area provider takes the responsibility of the building, cooling, power, and physical security, while we give the servers and storage. Access to the Data Centres is limited to a small group of allowed personnel. Any other access is raised as a ticket and permited only after the approval of respective managers. Additional two-factor authentication and biometric authentication are needed to enter the premises. Access logs, activity records, and camera footage are available in case an incident happens.

Monitoring

We observe all arrival and exit movements throughout our premises in all our business centres and data centres through CCTV cameras deployed according to local regulations. Back-up footage is available up to a specific period, depending on the requirements for that location.

Infrastructure security

Network security

Our network security and monitoring techniques are designed to deliver multiple layers of protection and defence. We use firewalls to block our network from unapproved access and undesirable traffic. Our systems are segmented into separate networks to secure sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting Agenter books production infrastructure.

Network redundancy

All the components of our platform are redundant. We utilize a distributed grid architecture to shield our system and services from the effects of possible server failures. If there's a server failure, users can carry on as usual because their data and Agenter books services will still be available to them. We additionally utilize multiple switches, routers, and security gateways to ensure device-level redundancy. This prevents single-point failures in the internal network.

DDoS prevention

We utilize technologies from well-established and trustworthy service donors to block DDoS attacks on our servers. These technologies offer multiple DDoS mitigation capabilities to block disruptions caused by bad traffic while allowing good traffic through. This retains our websites, applications, and APIs highly available and performing.

Server hardening

All servers provisioned for development and testing activities are hardened (by disabling new ports and accounts, deleting default passwords, etc.). The base Operating System (OS) image has server hardening built into it, and this OS image is provisioned in the servers, to make sure consistency across servers.

Intrusion detection and prevention

Our intrusion recognition mechanism takes note of host-based signals on individual devices and network-based signals from monitoring points within our servers. Administrative access, use of confidential commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data give security engineers warnings of probable incidents. At the application layer, we have our proprietary WAF which works on both whitelist and blacklist rules.

Data security

Secure by design

Every change and the new feature are governed by a change management policy to ensure all application changes are authorized before implementation into production. Our Software Development Life Cycle (SDLC) mandates adherence to highly secure coding guidelines, as well as the screening of code changes for potential security issues with our code analyser tools, vulnerability scanners, and manual review processes. Our robust security framework based on OWASP standards, applied in the application layer, gives functionalities to mitigate threats such as SQL injection, Cross-site scripting and application layer DOS attacks.

Data isolation

Our framework distributes and keeps up the cloud space for our customers. Each customer's service data is logically divided from other customers' data using a set of secure protocols in the framework. This ensures that no customer's service data becomes approachable to another customer. The service data is saved on our servers when you use our services. Your data is owned by you, and not by Agenter books. We will not reveal this data with any third party without your consent.

Encryption

In transit: All customer data transmitted to our servers over public networks are secured using strong encryption protocols. We mandate all connections to our servers utilized Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, for all connections including web access,API access,our mobile apps, and IMAP/POP/SMTP email client access. This make sure a secure connection by allowing the authentication of both parties involved in the connection, and by encrypting data to be transferred. furthermore, for email, our services leverage opportunistic TLS by default. TLS encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol.

Data retention and disposal

We hold the data in your account as long as you choose to use Agenter Books Services. Once you terminate your Agenter Books user account, your data will get removed from the active database during the next clean-up that occurs once every 6 months. The data removed from the active database will be deleted from backups after 3 months. In case of your unpaid account being inactive for a continuous period of 120 days, we will terminate it after giving you prior notice and the option to back-up your data.

Identity and Access control

Single Sign-On (SSO)

AgenterBooks offers a single sign-on (SSO) that lets users access multiple services using the same sign-in page and authentication credentials. When you sign in to any Agenter Books service, it happens only through our integrated Identity and Access Management (IAM) service. We also support SAML for single sign-on that makes it possible for customers to integrate their company's identity provider like LDAP,ADFS when they login to Agenter Books services. SSO simplifies login process,ensures compliance, gives effective access control and reporting, and reduces the risk of password fatigue, and hence weak passwords.

Multi-Factor Authentication

It gives an extra layer of security by demanding an extra verification that the user must possess, in addition to the password. This can greatly reduce the risk of unapproved access if a user’s password is compromised. You can configure multi-factor authentication using Agenter Books One-Auth. Currently, various modes like biometric Touch ID or Face ID, Push Notification, QR code, and Time-based OTP are supported.

Administrative access

We employ technical access controls and internal policies to prohibit employees from randomly accessing user data. We adhere to the principles of least privilege and role-based permissions to decrease the risk of data exposure. Access to production environments is maintained by a central directory and verified using a combination of secure passwords, two-factor authentication, and passphrase-protected SSH keys. Moreover, we facilitate such access through a separate network with stricter rules and hardened devices. Furthermore, we log all the operations and audit them periodically.

Operational security

Logging and Monitoring

We monitor and analyse information collected from services, internal traffic in our network, and usage of devices and terminals. We document this information in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. These logs are automatically observed and analyzed to a reasonable extent that helps us identify anomalies such as unusual activity in employees’ accounts or attempts to access customer data. We store these logs in a protected server isolated from full system access, to manage access control centrally and make sure availability.

Vulnerability management

We have a dedicated vulnerability management process that actively scans for security risks utilizing a combination of certified third-party scanning tools and in-house tools, and with automated and manual penetration testing efforts. Moreover, our security team actively reviews inbound security reports and obsess public mailing lists, blog posts, and wikis to spot security incidents that may influence the company’s infrastructure.

Malware and spam protection

We scan all user files utilizing our automated scanning system that’s designed to stop malware from being spread through Agenter Books ecosystem. Our custom anti-malware engine receives daily updates from external threat intelligence sources and scans files against blacklisted signatures and malicious patterns. Additionally, our proprietary detection engine bundled with machine learning techniques, Makes sure customer data is protected from malware.

Backup

We run incremental backups daily and weekly full backups of our databases using Agenter Books Admin Console (AC) for Agenter Books DCs. Backup data in DC is kept in the same location and encrypted using the AES-256 bit algorithm. We keep them in tar.gz format. All backed up data are retained for three months. If a customer asks for data recovery within the retention period, we will restore their data and allow secure access to it. The timeline for data restoration relies on the size of the data and the complexity involved.

Disaster recovery and business continuity

We scan all user files using our automated scanning system that’s designed to stop malware from being spread through Agenter Books ecosystem. Our custom anti-malware engine receives daily updates from external threat intelligence sources and scans files against blacklisted signatures and malicious patterns. Additionally, our proprietary detection engine bundled with machine learning techniques, makes sure customer data is secured from malware.

Incident Management

Reporting

We have a dedicated incident management team. We alert you of the incidents in our environment that apply to you, along with suitable actions that you may require to take. We track and close the incidents with proper corrective actions. Whenever applicable, we will identify, collect, acquire and deliver you with necessary evidence in the form of application and audit logs regarding incidents that apply to you. Furthermore, we implement controls to avoid the recurrence of similar situations.

Breach notification

It gives an additional layer of security by demanding an extra verification that the user must possess, in addition to the password. This can greatly decrease the risk of unauthorized access if a user’s password is compromised. You can configure multi-factor authentication using Agenter Books One-Auth. Currently, various modes like biometric Touch ID or Face ID, Push Notification, QR code, and Time-based OTP are supported.

Responsible Disclosure

Logging and Monitoring

A vulnerability reporting program in "Bug Bounty", to reach the community of researchers, is in place, which perceives and rewards the work of security researchers. We are committed to working with the community to verify, reproduce, respond to, legitimate, and execute appropriate solutions for the reported vulnerabilities.

If you happen to find any, please submit the issues at info@agenter.com .

Vendor and Third-party supplier management

We assess and qualify our vendors based on our vendor management policy. We onboard new vendors after understanding their processes for providing us servic and performing risk assessments. We take appropriate steps to make sure our security stance is kept up by establishing agreements that require the vendors to adhere to confidentiality, availability, and integrity commitments we have made to our customers. We find the effective operation of the organization’s process and security measures by conducting periodic reviews of their controls.

Customer controls for security

So far, we have discussed what we do to offer security on diverse fronts to our customers. Here are the things that you as a customer can do to make sure security from your end:


  • select a unique, strong password and protect it.
  • Use multi-factor authentication.
  • Use the latest browser versions, mobile OS and updated mobile applications to make sure they are patched against vulnerabilities and to use latest security features
  • Exercise reasonable precautions while sharing data from our cloud environment.
  • Classify your information into personal or sensitive and label it accordingly.
  • Find devices linked to your account, active web sessions, and third-party access to spot anomalies in activities on your account, and manage roles and privileges to your account.
  • Be aware of phishing and malware threats by looking out for unfamiliar emails, websites, and links that may exploit your sensitive information by impersonating Agenter Books or other services you trust.

Good customer experiences are built with Agenter. What our clients say

"AgenterBooks gives me the peace of mind that my bookkeeping is done correctly so that I can focus on growing my business."

AIDA SADHEEQUEENTREPRENEUR

"AgenterBooks was the missing piece of the puzzle. A reliable bookkeeper with a simple, elegant system, at a consistent monthly price. "

FARHAN UMER BUSINESS MAN

"AgenterBooks helps keep my business finances crystal clear. No more guessing, no more fumbling around in Excel sheets."

VEENA PRABHAKAR ENTREPRENEUR