Privatlocker
Security
World class security architecture to keep your valuable digital documents safe.
Security is key
Our Security commitment to you
Privatlocker is committed to the security of our client’s information. We focus on providing you with superior quality security and confidentiality in all critical security areas including infrastructure, application, and personnel security. Secure storage of your private and sensitive documents is assured with built-in protections against malware, spam and ransomware. Privatlocker provides encrypted and secure access to your files.
Files are proactively scanned and removed when malware, spam, ransomware or phishing is detected. And Privatlocker is cloud-native, which eliminates the need for local files and minimises risk to your devices.
It's all about Security
Full list of Security Features
At Privatlocker, we understand that for you to have confidence in storing your important documents with us requires total confidence in our security protocols.
So here’s the full list of features we use to achieve just that.
Multi Factor Authentication
Multi Factor Authentication (MFA) based signup via One Time Password (OTP) for authenticating users and allowing access to the platform.
Encryption
256-bit AES and SSL/TLS encryption is the strongest and most robust encryption standard that is commercially available today.
PIN protection:
Users are able to set a PIN for added security which may be used at Account and Locker levels.
ISO 27001 certified Data Centre
The application is hosted on Google’s ISO 27001 security certified data centre
Timed Log Out:
To protect your account from unauthorised access, our system is designed to terminate session automatically if extended inactivity is detected.
Security Audit:
Audited by recognised audit agencies and the application security audit certificate are obtained at regular intervals.
User Consent Based System:
Data is shared only with the user’s explicit consent. All sharing and access activities are logged and conveyed to the User. Organisations that need access to users’ documents need explicit consent from the user.
Standard Practices:
Privatlocker follows standard software development practices of uniform coding standards, guidelines and reviews. Every release is reviewed and tested internally for security and penetration vulnerabilities before deployment on our servers.
what is zero trust?
Zero Trust Security Explained
Privatlocker emphasises a proactive and dynamic approach to security that aligns with the changing nature of cyber threats and the evolving IT landscape.
Privatlocker Zero Trust is built on three core concepts:
Verify Explicitly: Privatlocker emphasises the importance of authenticating and authorising users and devices before granting them access to resources. In our Zero Trust environment, nothing is assumed to be inherently trusted. Every user, device, or application attempting to access resources must go through a robust identity verification process. This involves multi-factor authentication (MFA), which requires users to provide multiple forms of evidence to prove their identity. By verifying explicitly, Privatlocker ensure that only authorised and legitimate entities gain access to sensitive assets.
Least Privilege: Privatlocker adopts the principle of “Least Privilege" which focuses on granting the minimum level of access necessary for users, devices, and applications to perform their tasks. This means that even if a user’s identity is verified, they can only have access to the tools and data required for their role. By restricting access rights to Privatlocker, the potential impact of a security breach is significantly reduced. If an attacker gains access to a user’s credentials, the damage they can inflict is limited.
Assumed Breach: Instead of assuming that the Privatlocker perimeter is impenetrable, Zero Trust assumes that breaches can and will occur, whether from external attackers or insider threats. This principle acknowledges the reality of the evolving threat landscape and focuses on rapid detection and response to security incidents. Privatlocker continuously monitors, detects anomalies, and is ready to minimise the time attackers have within the network.
By adhering to these three core principles, Privatlocker has established a robust and adaptive security posture. Our Zero Trust architecture recognises that traditional perimeter-based security measures are no longer sufficient to protect our network, which includes cloud location, remote access scenarios, and a variety of devices.
It's all about Security
Our other Security Protocols
Infrastructure Security
Google Cloud: SOC 2 compliant data centre, Symantec virus scanning, redundant virtual server environment.
State-of-the-art: Physical security and fire systems.
Firewall: Monitored firewall mechanisms and intrusion detection software.
Personnel Security
Employment: Pre-employment screening, background checks and NDAs for all staff.
Policies: Quality and access control policies and procedures.
Training: Comprehensive staff training.
Operational Procedures
Privatlocker follows best practices to keep your data secure.
We regularly audit our environments and code for security issues and apply patches expeditiously. We use commercial services that regularly check our site and we retain our own security experts to probe and verify the security of our site.
No Access
Our strict internal procedures prevent any Privatlocker employee from gaining access to your account beyond the limited amount of data necessary to help grant you access to your account and restricting access to your account in urgent circumstances.
Privatlocker employees can never see your data or any documents that you upload and Privatlocker logs and regularly audits all accesses to your account
need some help?
Still have a question regarding security?
If you would like to find out more about Privatlocker or have a question you would like answered with regards to security, then please reach out to our support team – we would be happy to help.
