This section describes the physical security controls within the Monito business environment, including data access monitoring, OS hardening, vendor management, and vendor assessments.
Authorized system administrators access data through customer systems.
Access to information security management systems — such as the hypervisor, firewalls, vulnerability scanners, and APIs — is restricted, logged, and monitored.
Personnel access to the hypervisor management functions and management console that host the virtualization system is strictly restricted in accordance with the principle of least privilege.
For strong access control, we apply a range of technical measures, including two-factor authentication, audit trails, IP address filtering, firewalls, and TLS-encrypted communications.
The use of removable media is managed and restricted through endpoint security controls to protect against unauthorized data transfers and potential threats.
For optimal security, we recommend the following technical controls.
Enable the firewall to strengthen network protection.
Back up data regularly using a trusted cloud storage solution.
Disable remote access to mitigate potential vulnerabilities.
Encrypt sensitive data to protect it.
Install and enable antivirus protection tools to defend against malware and other threats.
Set up password protection and a screen saver to prevent unauthorized access.
Disable automatic login to strengthen authentication security.
Create a separate non-administrator account for everyday work to minimize the impact of a security breach.
Use a password manager to generate and manage strong passwords.
Enable automatic updates to apply the latest security patches and bug fixes.
Grepp, Inc. has implemented controls to manage its relationship with its cloud service provider, AWS. We enter into terms of use governing the access, processing, storage, and transmission of organizational information using supplier systems, conduct regular audits, and request security certifications.
In addition to audits and security certifications, we monitor supplier performance to ensure the security and availability of customer data.
Grepp, Inc. conducts an annual assessment of its cloud hosting vendors, led by a dedicated security team.
Because all Monito products are developed in-house, no separate controls are required to detect source code security defects associated with outsourced software development.