Intranet Security

We lose sleep over it, so you never have to.

Your intranet data remains secure as Oak is hosted on one of the most secure, stable and widely respected platforms in the world, Microsoft Azure.

Microsoft Azure

Oak is hosted on data centres around the world in the UK, Ireland, Germany, USA, Australia and Singapore. You get to choose where you want your data to be stored.

An Azure data centre is heavily protected, and Oak’s network is restricted by firewalls that allow in HTTPS access only. Azure security offers intrusion and DDoS protection, and Azure takes proactive measures to protect Oak should an external attack be detected.

All Azure data centres are serviced by multiple high-speed, low-latency internet connections with full redundancy and failover capability.

Location Based Restrictions

Blend the best of cloud and on-premise security and lock down access to Oak from specific physical locations through your chosen network of IP addresses.

Authentication

Sign onto Oak with a dedicated username and password, or use Single Sign-On through existing login credentials from:

  • Windows
  • Active Directory
  • Integrated systems, such as SharePoint and Office 365
  • Third-party providers, such as Microsoft, Google, Facebook, LinkedIn and Twitter

Oak supports authentication via SAML 2.0, including popular service providers like Myagi, NGA and Okta. After integration, staff data is automatically imported into Oak so they can log into Oak Intranet through SSO.

Oak Security Framework Features

Oak offers several application security features built into the Core Oak framework and handled automatically. They include:

  • Content security policy – This prevents unauthorised embedding of external content in Oak and prevents users from executing arbitrary JavaScript code. These are two common ways that hackers will try to exploit a web-based system.
  • Mandatory login for all pages – Apart from the login page, all pages in Oak are automatically secured against unauthorised access.
  • Forced SSL with downgrade protection – Oak enforces SSL strictly and, by working with the browser, it can prevent a man-in-the-middle attack from downgrading the SSL protocol or even removing it completely.
  • Strong SSL encryption – Oak employs all the latest SSL best practices and currently holds an A-rated SSL encryption scheme.
  • Cross-site scripting protection – Oak prevents scripts from running from any third-party domains. This is a common method used by hackers to trick users into divulging credentials or other sensitive information.
  • Anti-forgery protection – This protects Oak users from hackers attempting to submit data to Oak from a third-party domain.
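One way to check the content security policy and forced-SSL items from outside the application, as an added example that is not Oak's code. It assumes, which this page does not state, that those controls are delivered through the standard Content-Security-Policy and Strict-Transport-Security response headers; the sample headers and the max-age threshold are constructed for illustration.

```python
import re

# Added example, not Oak's code. Assumption: the controls are delivered via the
# standard Content-Security-Policy and Strict-Transport-Security headers.
WILDCARDS = {"*", "http:", "https:", "data:"}

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_headers(headers, min_hsts_age=31536000):  # threshold is an assumption
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = parse_csp(h.get("content-security-policy", ""))
    default = csp.get("default-src")
    scripts = csp.get("script-src", default)  # script-src falls back to default-src
    if default is None:
        findings.append("csp: no default-src, external content not restricted")
    elif WILDCARDS & set(default):
        findings.append("csp: default-src allows any origin")
    if scripts is None:
        findings.append("csp: script sources unrestricted")
    else:
        # CSP Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash is set.
        pinned = any(s.startswith(("'nonce-", "'sha")) for s in scripts)
        if "'unsafe-inline'" in scripts and not pinned:
            findings.append("csp: inline scripts allowed")
        if "'unsafe-eval'" in scripts:
            findings.append("csp: eval allowed")
        if WILDCARDS & set(scripts):
            findings.append("csp: scripts allowed from any origin")
    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        findings.append("hsts: header missing")
    elif age is None or int(age.group(1)) < min_hsts_age:
        findings.append("hsts: max-age missing or below threshold")
    return findings

# Constructed sample responses (not captured from any Oak deployment).
STRICT = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'",
          "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
WEAK = {"content-security-policy": "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
        "strict-transport-security": "max-age=0"}
```

Pass `audit_headers` the header dictionary from any HTTP client response; `STRICT` yields no findings, while `WEAK` is flagged for a wildcard default, inline and eval script execution, and an HSTS lifetime of zero.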

Oak Security Testing

Security and penetration testing is a fundamental part of Oak development and testing. For internal testing, we regularly have our software and mobile apps independently tested by NCC Group for security, penetration and infrastructure testing. The latest reports can be provided on request.

Password Policies

Oak requires that all passwords are at least eight upper, lower and numeric characters for normal users and at least twelve upper, lower and numeric characters for administrative users. Oak also will challenge folk with a “Captcha” after 3 unsuccessful login attempts and lock the user completely out after 5 unsuccessful attempts. Users are also automatically signed off the intranet after a period of inactivity.

Data Storage, Backup and Transfer

Needless to say, we look after your Oak data. All Oak content is replicated at least 3 times within the same data centre. Your data will be backed up automatically once per day, and we will always retain the last seven daily backups. Backup data is also shipped to a secondary data centre that is guaranteed to be physically located several hundred miles from the primary data centre. Data is only ever transmitted in encrypted form and it is inaccessible remotely. The application is delivered over an SSL encrypted connection, and that is the only way data can be consumed.

GDPR Support

Oak includes several tools that help you to comply with the GDPR regulations that came online in May 2018. They include an auditing tool, a contact register and several reports that highlight any user’s digital footprint on your intranet.