# What are the security aspects of on-premise deployment? ### Description space.vars.SITENAME stores end system's credentials. How does it secure end system's data? What are the various security measures followed in space.vars.SITENAME to ensure the data used and accessed using space.vars.SITENAME is secure? ### Solution #### Data Access Customer data privacy and protection is the top-most priority at OpsHub. To ensure the same, space.vars.SITENAME follows the measures given below. * space.vars.SITENAME doesn't connect to any system outside company's firewall unless explicitly requested by the customer to do so. * space.vars.SITENAME doesn't access any system within company firewall unless explicitly requested by the customer to do so. * space.vars.SITENAME doesn't directly receive any sensitive information from space.vars.SITENAME itself post installation unless shared by customer. * Access to space.vars.SITENAME is completely under the control of customer and cannot be accessed by OpsHub or any third party directly unless customer shares access credentials using web meeting. * All logs, configuration details, and sync details are stored in customer specified physical location and cannot be accessed by space.vars.SITENAME, unless shared by customer. #### Data Security * Users must authenticate themselves with a user name and password to gain access to space.vars.SITENAME. * All space.vars.SITENAME users' passwords are stored with one-way hash with a salt so decrypting space.vars.SITENAME passwords is not possible. * space.vars.SITENAME stores sensitive data such as system's passwords, API token, database password in an encrypted format so that only space.vars.SITENAME can access it and others can't access it. {% if "OpsHub Integration Manager" === space.vars.SITENAME %} #### HTTPS deployment space.vars.SITENAME supports https deployment. This option is available during installation. For more information please refer [Advance Installation](https://docs.opshub.com/v7.216/getting-started/installation#advance-installation). * HTTPS is a way to encrypt information exchanged between a browser and a web server. This protects 'man-in-the-middle' attacks, where someone steals the information being sent to a web server. * space.vars.SITENAME supports TLS 1.3 protocol. {% endif %} #### Third Party Services/Libraries space.vars.SITENAME doesn't outsource any part of the software development or services to any third-party organization. However, we do use some third-party libraries & jars that come bundled with product and don't require additional license or installation. For seeking further information on third party jars, please reach out to account management team or your sales point of contact. #### Application Security Ensuring comprehensive security for space.vars.SITENAME is important to us. We take multi-layer approach to ensuring proper security implementation in space.vars.SITENAME. * space.vars.SITENAME conducts application vulnerability testing with every release using an industry-leading web application vulnerability testing provider to ensure that space.vars.SITENAME application and network environment is secured from outside attack. * Next layer we use is based on OWASP project () to ensure space.vars.SITENAME meets all OWASP security guidelines. Scans are carried regularly, and it is ensured that no high/critical/Medium vulnerability exists in product. #### Code Security Audits space.vars.SITENAME conducts security audit of code base as a part of every release. We analyze the entire code base for any high/critical vulnerabilities and in rare situations, if any high/critical vulnerabilities are found, it is fixed. Security audit tool extensively covers OWASP Top 10 and CWE guidelines.