It has been a year since the Incident Tracker hosted web app has moved to the Microsoft Azure cloud; and to mark that anniversary the team behind the move wanted to take the opportunity to talk a bit more comprehensively about data security.
Incident Tracker has always utilized best practices when online security has been concerned. However beyond the standard practices of using SSL, TLS, MD5 encryption, etc… Incident Tracker provides the application administrators other security measures to allow a deeper level of self governance in regards to data security. First off, customers can have a virtual directory set (that converts to an MD5 hash at runtime) to help protect the live URL of their deployment, because no search engines can spider this private and individualized URL only your users will be aware of its existence.
Secondly, site admins can set site-wide password policies, including the ability to set a minimum amount of characters needed for a proper password, the complexity rules (numbers, letters, symbols etc…) and force password changes for individual users or set a global password change on a recurring time cycle, for example: all users must change their passwords every 6 months.
Thirdly, site admins can set a “no activity timeout” threshold, so for example if a logged in user walks away from his or her device and no activity is detected for x minutes and auto-logoff can occur.
And lastly for on premise customers automatic Active Directory synchronizing can occur for logins, allowing only users who exist in your local Active Directory to have the ability to access Incident Tracker. Of course along with on premise installs complex firewall protection rules can be set in place to further protect your data.
The Incident Tracker team is proud to boast a 0% breach rate over 15 years of hosting. We are very proud to be a zero incident provider and will work hard to continue our perfect record. As always we thank you all for you support, and look forward to keeping your data safe.