At Nuxeo, we’re committed to helping companies protect not just their own confidential information, but also the data and content they manage on behalf of their customers. Our platform is built around the strictest security standards and procedures and provides a strategic security foundation to develop, test, and deploy highly secure and content-critical applications.
The Nuxeo approach to information security is built on our four key security elements.
Reliably identify the user and ensure their identity is propagated at all times. Nuxeo supports a wide array of authentication protocols and providers, including login/password, OAuth, SAML2, OpenID, LDAP/AD, Shibboleth, and advanced two-factor authentication (2FA).
Ensure each authorized user can access all permissible data and content, and perform all permissible actions (but nothing else) via ACLs and custom security policies.
Ensure all content is secure, whether at rest or in transit. Nuxeo Content Platform traffic can be encrypted with SSL and is fully configurable for optimum performance. Nuxeo also supports AES encryption of content at rest (in storage), including safe storage of keys within a hardware security module (HSM) connected to the Java virtual machine (JVM). It is also possible to encrypt the backend database and search indexes at a system level.
In addition to taking a proactive stance against security breaches, our platform ensures an audit trail exists that provides a detailed history of all historical user and system activity.
We deliver content management as a cloud service with strictly controlled security practices and protocols, validated by third-party auditors.
Nuxeo Content Cloud is delivered via the Amazon Web Services platform, which provides an extremely reliable environment that is trusted by many of the top global brands and businesses. The underlying infrastructure commits to 99.9% service availability - meaning that not only is your solution secure, but it will be accessible when you need it.
Whether you’re a European company or an organization outside of the EU that collects or processes the personal data of EU residents, Nuxeo can help you comply with GDPR. With Nuxeo, your organization will be able to ensure compliance with GDPR’s personal data rules and regulations in a timely manner.
Security comes first and we never compromise on security. Below are the information security standards we adhere to.
PCI DSS provides security and privacy protocols for accepting, storing, processing, and transmitting payment card information, including cardholder data. It requires merchants and service providers that store, process, or transmit customer payment card data to adopt information security controls and processes to ensure data integrity.
SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. This report is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.