Is it a dedicated or a shared environment?
Customers have their own dedicated Office 365 tenant. Decisions’ Microsoft Azure services are shared.
If it is a shared environment, how is the data segregated from other shared environments?
All of Decisions’ Azure services require a signed-in user to call the API, and the tenant ID is automatically identified from the claims in the authentication token. All communication between customer devices and the customer’s Office 365 tenant is direct and is not routed through any of Decisions’ Azure services. Also note that no user of Decisions will ever get access to data they do not already have access to in their Office 365 tenant, as these permissions are managed by Office 365.
How is security managed in the shared environment?
The customer is in full control of their Office 365 tenant, and Decisions integrates seamlessly with features such as Conditional Access, Azure Information Protection, and sensitivity labels. Access to Decisions’ Azure services is limited to a few selected employees, all of whom must use multi-factor authentication. In addition, we have put in place automated deployment pipelines with manual gates for approving a build for production. We are also in the process of implementing ISO 27001, which will be in place in the second half of 2020.
Who has access to the infrastructure, hardware, software, data?
No one in Decisions has access to customers’ Office 365 without the customer explicitly giving access. Only select, credentialed employees have access to Decisions’ Azure infrastructure.
What application & data access audit logs are available?
As Decisions is built on top of Office 365, the same audit logs are available to the customers. As the Decisions Azure infrastructure is a shared environment, those logs are only available to selected Decisions employees for review. These logs contain metadata about application usage to support the Decisions team in optimizing the user experience and the availability of Decisions. The Decisions Azure logs also contain infrastructure data related to performance and configuration changes.
How is the primary data encrypted?
Decisions’ Microsoft Azure services such as Storage and Cosmos DB use the built-in encryption features that are part of the platform.
How is the backup data stored?
For Microsoft Azure storage accounts, Decisions operates its own backups. These are replicated to nearby Microsoft Azure data centers as raw data but encrypted at rest. See Microsoft’s page on Cosmos DB backup functionality.
What type of investigative support is provided in cases of breach?
As all customer data is stored in the customer’s Office 365, all existing investigative support features for breaches apply. That said, the Azure logs provide insights in the unlikely event of a breach of our Azure infrastructure. Additionally, note that Decisions uses Microsoft Azure PaaS because Microsoft Azure handles all the infrastructure security, enabling Decisions to focus on application security.
What options are available to return the data?
As all customer data is stored in the customer’s Office 365 tenant, there is usually no need to export additional metadata from Decisions. If this is still needed, it can be managed on a case-by-case basis. Data in the Decisions database is deleted within 30 days after the end of the contract. Backed-up data will be removed within 60 days.