Modern security is extremely complex; and we do our absolute best to keep your proprientary business data and your customer's personal information private and protected.
We use encrypted JSON Web Tokens (JWTs) for both web and mobile security. These JWTs are built upon multiple layers of security protocols. That is, the JWTs are granted to users after strong password confirmation, and only to known applications hosted on known SSL protected sites. Furthermore, the JWTs are also short-lived, so that in the rare case of being compromised, a hacker is limited to a brief window of time to do their dirty work.
The encrypted JWT encapsulates a user's permissions for each individual application thereby controlling not only what a user can do, but also what a user can see. We use claims-based Identity which allows for complete control over the granularity of a user's permissions. That is, a user may be granted rights at a functional Role-level, or if necessary, they can be granted rights based on application specific criteria.
Every company's user's actions are always logged; thereby making every user 100% accountable for their daily duties to the business owner. It is a well-known documented fact that security is often compromised from within a company. Hackers often spend days or weeks trying to crack a company's well configured firewall. However, a disgruntled or greedy employee can do serious damage quickly and then erase their tracks. Make sure your employees are accountable!
We use Google Authenticator as our primary two-factor authentication method. This is a globally recognized and respected proprietary service owned and maintained by Google. Again, built on top of multiple layers of security, each user is issued a private key, known only to themselves, once they have verified their personal identity via respected email servers such as Hotmail, Live and GMail.