inndox Cyber Security Environment - August 2024
From its earliest development phases, it was identified that inndox would run as a Software as a Service (SaaS) offering in the Amazon public cloud (AWS). The cloud environment supports rapid development and deployment for customers, with the ability to adjust capacity very quickly in the event of a significant increase in volume (potentially associated with a disaster event). The business environment of 2024 brings with it many risks associated with data breaches and cybersecurity; running inndox in the AWS cloud offers several advantages over an in-house customer implementation:
Security Control | Implemented in inndox – Y/N | Available to Customer |
---|---|---|
Secure Infrastructure: AWS provides a highly secure infrastructure, which includes physical data center security, network security, and access controls. AWS data centers are designed to meet industry-leading security standards, including ISO 27001, SOC 1/2/3, and PCI DSS compliance. By running inndox on AWS, we leverage this robust security infrastructure. | Y | Y |
Data Security: All inndox customer data is held in the customer's country of domicile. For Australian customers both the primary and backup data centres are within Australia. | Y | Y |
DDoS Protection: Distributed Denial of Service (DDoS) attacks can disrupt services and compromise data availability. AWS offers built-in DDoS protection, such as AWS Shield, that automatically detects and mitigates common types of DDoS attacks, ensuring that your inndox application remains accessible even during an attack. | Y | Y |
Identity and Access Management (IAM): AWS IAM enables you to manage and control access to your inndox resources. You can define fine-grained permissions and access controls, granting the least privilege necessary for users, applications, and services. This helps prevent unauthorized access. | Y | N – This relates to AWS access control and is only available to inndox architects. |
Encryption: AWS provides multiple encryption options to secure data in transit and at rest. We use SSL/TLS certificates for secure communication with your inndox application and AWS Key Management Service (KMS) to manage encryption keys. Additionally, Amazon S3, which is often used for storing data, supports server-side encryption to protect data at rest. | Y | Y |
Messages in flight are encrypted via the HTTPS protocol. Data at rest is not encrypted, but the option is available using Amazon S3. While this option is available, the downsides from a support and data perspective mean that inndox does not recommend enabling it. | Y | Y |
Automated Security Services: AWS offers a range of automated security services, such as AWS WAF (Web Application Firewall), Amazon GuardDuty, and Amazon Macie. These services can detect and prevent common web application attacks, monitor for suspicious activities, and help you identify sensitive data to ensure compliance with data protection regulations. | Y | inndox has WAF enabled. Other services are available on customer request, subject to testing and cost considerations. |
Monitoring and Logging: AWS provides various monitoring and logging services, such as AWS CloudTrail, Amazon CloudWatch, and AWS Config. These services enable you to monitor and audit activities within your inndox environment, detect anomalies, and set up alerts for potential security breaches or vulnerabilities. | Y | The option exists to implement the AWS tools and feed the resulting messages to a customer SOC or management process. |
Disaster Recovery: AWS provides robust disaster recovery capabilities, including backup and replication services. You can take advantage of features like AWS Backup and Amazon S3 cross-region replication to create backups of your inndox data and ensure business continuity in the event of a cyber incident. | Y – database backed up daily and retained for 30 days. Infrastructure is managed by AWS and backed up across sites within Australia. | |
Scalability and Flexibility: AWS offers scalable infrastructure that allows you to easily adjust resources based on demand. This flexibility enables you to implement security measures like load balancing and auto-scaling, ensuring your inndox application remains available and responsive while handling varying workloads. | Y | |
Compliance and Auditing: AWS provides a wide range of compliance certifications and attestations, including GDPR, HIPAA, and ISO 27001. By running inndox on AWS, we leverage these certifications to simplify compliance efforts and meet regulatory requirements. | Y | |
PCI DSS Compliance: inndox does not carry any PCI data (credit card and similar) but rather leverages the Stripe payment engine. inndox does not process any credit card traffic, as it sits at the back end of the Stripe service. | Y | |
Source Code Management: Bitbucket is used as the code repository for inndox, using git as the distributed version control system. | Y | |
Release Management: There are two main branches, staging and deploy. A commit to either of those branches triggers a CI/CD pipeline in Azure DevOps to build and release code to the respective environment (staging for QA, and production). There are separate repositories and separate pipelines for the Front-End and Back-End code bases, which are developed and released separately, but often in conjunction. | Y | |
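The Encryption and Data Security rows above state that data in transit is protected by HTTPS, that encryption at rest is an S3 option managed through KMS rather than something enabled by default, and that Australian customer data stays within Australia. The Python below is an added example, not inndox's code and not part of the original document: it evaluates bucket encryption records in the shape returned by the S3 GetBucketEncryption API, reports buckets that lack a KMS-backed default, and checks that the KMS key's ARN sits in an allowed residency region. The bucket names, account id and key ARN are constructed samples, and the live boto3 call that would fetch real configurations is deliberately left out so the check runs offline.

```python
"""Offline audit of S3 default-encryption settings against a residency policy.

Added example, not inndox's code. The records mirror the shape of the
S3 GetBucketEncryption API response; every bucket name, account id and
key ARN below is a constructed sample.
"""

# Australian regions: Sydney (ap-southeast-2) and Melbourne (ap-southeast-4).
AU_REGIONS = {"ap-southeast-2", "ap-southeast-4"}

# Constructed samples. None stands in for the API raising
# ServerSideEncryptionConfigurationNotFoundError (no configuration at all).
SAMPLE_BUCKETS = {
    "example-docs-legacy": None,
    "example-docs-sse-s3": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]
        }
    },
    "example-docs-sse-kms-au": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms",
                    "KMSMasterKeyID": "arn:aws:kms:ap-southeast-2:111122223333:key/EXAMPLE-KEY-ID",
                },
                "BucketKeyEnabled": True,
            }]
        }
    },
    "example-docs-sse-kms-offshore": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms",
                    "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
                },
            }]
        }
    },
}


def classify_encryption(config):
    """Return (level, kms_key_id) where level is 'none', 'sse-s3' or 'sse-kms'."""
    if not config:
        return "none", None
    rules = config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algorithm = default.get("SSEAlgorithm")
        if algorithm == "aws:kms":
            return "sse-kms", default.get("KMSMasterKeyID")
        if algorithm == "AES256":
            return "sse-s3", None
    return "none", None


def key_region(kms_key_id):
    """Extract the region from a KMS key ARN; None when the id is not a full ARN.

    A bare key id or alias carries no region, so residency cannot be verified
    from the bucket configuration alone and the caller is told so.
    """
    if not kms_key_id or not kms_key_id.startswith("arn:"):
        return None
    parts = kms_key_id.split(":")  # arn:partition:service:region:account:resource
    return parts[3] if len(parts) > 3 and parts[3] else None


def audit(buckets, allowed_regions=AU_REGIONS):
    """Return (bucket, finding) pairs for buckets that miss the policy.

    Policy: every bucket must default to SSE-KMS with a key whose ARN lies in
    an allowed region. Unencrypted and SSE-S3-only buckets are reported too.
    """
    findings = []
    for name, config in buckets.items():
        level, key_id = classify_encryption(config)
        if level == "none":
            findings.append((name, "no default encryption configured"))
        elif level == "sse-s3":
            findings.append((name, "SSE-S3 only; no customer-managed KMS key"))
        else:
            region = key_region(key_id)
            if region is None:
                findings.append((name, "KMS key not given as an ARN; region unverifiable"))
            elif region not in allowed_regions:
                findings.append((name, f"KMS key in {region}, outside allowed regions"))
    return findings


def kms_default_encryption_payload(kms_key_arn):
    """Build the PutBucketEncryption request body that enforces SSE-KMS by default."""
    return {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms",
                    "KMSMasterKeyID": kms_key_arn,
                },
                "BucketKeyEnabled": True,  # cuts KMS request volume and cost
            }]
        }
    }


if __name__ == "__main__":
    for bucket, finding in audit(SAMPLE_BUCKETS):
        print(f"{bucket}: {finding}")
```

Since AWS made SSE-S3 the default for all buckets in January 2023, the API reports AES256 even for buckets where nobody configured anything, so in practice the distinction that matters for a customer-managed-key policy is sse-s3 versus sse-kms rather than encrypted versus not. The payload builder produces exactly the structure that would be passed to a live PutBucketEncryption call, which is why the audit accepts it as compliant.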
The cyber strategic overlay for inndox is one of leveraging partner capabilities to ensure a robust posture. Key partners such as AWS, Atlassian, and Stripe are all ISO 27001 compliant, and inndox operates under the umbrella of their security. The security roadmap for inndox supports growth of its internal capabilities in line with the growth of the business. An external cyber security audit review conducted in 2020 confirmed this approach as suitable for inndox's current business stage.