IRIS OpenSpace is hosted on the Microsoft Windows Azure platform in their EU zone and therefore fully complies with UK data protection guidelines.
IRIS OpenSpace relies on Microsoft’s security procedures to ensure physical protection of our systems.
All user passwords are Hashed and Salted. Hashing means that IRIS OpenSpace only stores encrypted passwords and therefore it is not possible for anyone to view an actual password in the database.
Salting means that even in the instance of a rainbow attack is not possible to crack the encrypted password even if someone were to gain access to our user access database which is protected by Microsoft’s Windows Azure built in security.
Only the actual user of an account sets their password; not even the system administrator can set, view or change an individual user’s password.
The only way a password can be reset is via a uniquely generated password reset link that is emailed to the user.
Files are encrypted in transit using SSL and AES.
User account and application data is stored in a separate dataset on Microsoft Windows Azure from files that have been uploaded by users;
this ensures that application maintenance and enhancements are done without requiring access to customer files.
We run separate instances of Azure for development and the live product, with strict procedures and policies in place restricting access to the live instance.
This protects both customers and IRIS staff from accidental or unauthorized access.