Intranet Security

We lose sleep over it, so you never have to.
Oak is hosted on one of the most secure, stable and widely respected platforms in the world: Microsoft Azure.
Leveraging all of their strengths, we’ve created a robust security framework that ensures only authorised users can access, view or modify Oak content or applications, leaving you free to focus your energy on making your intranet shine. Here are some of its key aspects.
Microsoft Azure

We have data centres across the world including the UK, Ireland, Germany, USA, Australia and Singapore. We are happy for an organisation to choose where they would like their data to be stored.

An Azure data centre is physically protected (security guards, biometrics, restricted access), but Oak is also network-restricted through firewalls, with only HTTPS traffic publicly allowed. Azure also offers intrusion and DDoS protection, and they will take proactive measures to protect Oak should an external attack be detected.

All Azure data centres are serviced by multiple high-speed, low-latency internet connections with full redundancy and failover capability.

Location Based Restrictions

It is possible to lock down an Oak site so that it can only be accessed from specific physical locations. This is done at a low level, via network IP address ranges; it even prevents access to the login page. This feature allows subscribers to blend the best of the cloud and on-premise worlds.

Authentication

  • Active Directory (Windows) Credentials – Users are able to use their existing Windows login details in order to access their Oak site. This can also be achieved via an automatic single sign-on process that removes the need for users on a local LAN to enter their credentials manually.
  • SAML 2.0 – Oak supports authentication via SAML 2.0, including popular service providers like Myagi, NGA and Okta. The list is growing all the time, so please ask for up-to-date details if you need them. After integration, users can log into your community without having to register for an account, and their data will be automatically imported into Oak. No login required.
  • Office 365 Credentials – It is possible to use an Office 365 login to access an Oak site; in early 2017 this will also support seamless Single Sign-On for people already logged into 365.
  • Other third-party credentials – Oak also supports the use of existing credentials from other third-party identity providers, including Microsoft, Google, Facebook, LinkedIn and Twitter.
  • Native Oak credentials – This is a standard username/password combination that is issued by an Oak site, for use on that site alone.

Oak Security Framework Features

Oak offers several application security features built into the Core Oak framework and handled automatically. They include:

  • Content security policy – This prevents unauthorised embedding of external content in Oak and prevents users from executing arbitrary JavaScript code. These are two common ways that hackers will try to exploit a web-based system.
  • Mandatory login for all pages – Apart from the login page, all pages in Oak are automatically secured against unauthorised access.
  • Forced SSL with downgrade protection – Oak enforces SSL strictly and, by working with the browser, it can prevent a man-in-the-middle attack from downgrading the SSL protocol or even removing it completely.
  • Strong SSL encryption – Oak employs all the latest SSL best practices and currently holds an A-rated SSL encryption scheme.
  • Cross-site scripting protection – Oak prevents scripts from running from any third-party domains. This is a common method used by hackers to trick users into divulging credentials or other sensitive information.
  • Anti-forgery protection – This protects Oak users from hackers attempting to submit data to Oak from a third-party domain.

Oak Security Testing

Security and penetration testing is a fundamental part of Oak development and testing. For internal testing, we use several “best of breed” software tools; however, we also regularly have our software and mobile apps independently tested by NCC Group for security, penetration and infrastructure testing. The latest reports can be provided on request.

 

Data Storage, Backup and Transfer

Needless to say, we look after your Oak data. All Oak content is replicated at least 3 times within the same data centre. Your data will be backed up automatically once per day, and we will always retain the last seven daily backups. Backup data is also shipped to a secondary data centre that is guaranteed to be physically located several hundred miles from the primary data centre. Data is only ever transmitted in encrypted form and it is inaccessible remotely. The application is delivered over an SSL encrypted connection, and that is the only way data can be consumed.

Password Policies

Oak requires that all passwords are at least eight upper, lower and numeric characters for normal users and at least twelve upper, lower and numeric characters for administrative users. Oak will also challenge folk with a “Captcha” after 3 unsuccessful login attempts and lock the user out completely after 5 unsuccessful attempts. Users are also automatically signed off the intranet after a period of inactivity.
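
A sketch of the policy described above, added here as an illustration and not taken from Oak's own code. It assumes "upper, lower and numeric" means a minimum length plus at least one character of each class, and that a request without a solved Captcha is rejected without counting as a failed attempt; the names password_problems and LoginThrottle are hypothetical.

```python
import re
from dataclasses import dataclass

# Thresholds stated on the page.
MIN_LENGTH = {"user": 8, "admin": 12}
CAPTCHA_AFTER = 3   # failed attempts before a Captcha challenge
LOCKOUT_AFTER = 5   # failed attempts before the account is locked

# Assumption: "upper, lower and numeric" means at least one of each class.
REQUIRED_CLASSES = (("upper-case letter", r"[A-Z]"),
                    ("lower-case letter", r"[a-z]"),
                    ("digit", r"[0-9]"))


def password_problems(password, role="user"):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH[role]:
        problems.append(f"shorter than {MIN_LENGTH[role]} characters")
    for label, pattern in REQUIRED_CLASSES:
        if not re.search(pattern, password):
            problems.append(f"missing {label}")
    return problems


@dataclass
class LoginThrottle:
    """Per-account failed-login counter (hypothetical name)."""
    failures: int = 0

    def state(self):
        if self.failures >= LOCKOUT_AFTER:
            return "locked"
        if self.failures >= CAPTCHA_AFTER:
            return "captcha"
        return "open"

    def attempt(self, password_ok, captcha_ok=False):
        state = self.state()
        if state == "locked":
            return "locked"            # a correct password does not unlock
        if state == "captcha" and not captcha_ok:
            # Rejected before the password result is revealed; assumed not
            # to count as a failed attempt.
            return "captcha_required"
        if password_ok:
            self.failures = 0          # success resets the counter
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= LOCKOUT_AFTER else "failed"
```

Rejecting the request before the password result is returned means a client that skips the Captcha learns nothing about whether its guess was right.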

 

GDPR Support

Oak includes several tools that help you to comply with the GDPR regulations that came online in May 2018. They include an auditing tool, a contact register and several reports that highlight any user’s digital footprint on your intranet.

If you’re not using Oak, you’re working way harder than you should be
