Proximia security policy

Security is at the heart of what we do - helping our customers improve their security and compliance posture starts with our own.

Compliance

Proximia is in the process of obtaining SOC 2 Type II compliance certification and becoming HIPAA compliant. Visit our Trust Center for progress.

Foundational Principles

Zero Trust is a cybersecurity framework designed to minimize risks by assuming that no entity—whether inside or outside the network—can be automatically trusted. It relies on continuous verification and strict access controls. The pillars of Zero Trust include the following:

01. Identity

  • Verify the identity of users, devices, and services through strong authentication mechanisms, such as multi-factor authentication (MFA), biometrics, and secure single sign-on (SSO).
  • Enforce least privilege access based on roles and policies.

02. Devices

  • Continuously monitor and secure all devices accessing the network.
  • Ensure device compliance by checking their security posture, such as patch levels, antivirus status, and encryption.

03. Network

  • Segment networks to limit lateral movement in case of a breach.
  • Use microsegmentation and granular controls to protect sensitive data and applications.
  • Encrypt network traffic both internally and externally (e.g., TLS, VPN).

04. Applications

  • Ensure that applications are secured against vulnerabilities and accessible only to authorized users and devices.
  • Monitor application usage to detect anomalous behaviors and potential threats.

05. Data

  • Classify and protect sensitive data with encryption, data loss prevention (DLP), and access controls.
  • Enforce policies to ensure data is accessed securely and used appropriately.

06. Workloads

  • Protect workloads in cloud, on-premises, or hybrid environments.
  • Apply consistent security policies to containerized, virtualized, or serverless workloads.

07. Visibility & Analytics

  • Continuously monitor and analyze network traffic, user behavior, and device activity for real-time threat detection.
  • Use tools like SIEM (Security Information and Event Management) and UEBA (User and Entity Behavior Analytics) for insights.

08. Automation & Orchestration

  • Implement automated responses to threats and policy violations.
  • Use tools like SOAR (Security Orchestration, Automation, and Response) to streamline incident management.

These pillars work together to build a comprehensive security posture that aligns with the principles of Zero Trust: “Never trust, always verify” and “Assume breach.”

Data protection

Data at Rest

All repositories, including those containing customer data, are securely encrypted at rest. Sensitive database data is abstracted and protected through multiple layers of encryption. This ensures that the data is encrypted even before it is stored in the database, rendering both physical and logical access to the database insufficient to decipher the most sensitive information.

Data in Transit

Proximia employs mTLS 1.3 or higher for secure data transmission across potentially insecure networks. We use JSON Web Tokens (JWTs) to manage authentication and authorization, with security features such as expiration times and cryptographic signing. This ensures that tokens cannot be tampered with or reused after they expire.

Vault

Encryption keys are securely managed in Azure Key Vault using Hardware Security Modules (HSMs). This prevents direct access by any individual, including employees of Proximia or of cloud providers. The keys stored in HSMs are used for encryption and decryption operations via APIs. Legacy application secrets are triple-encrypted and stored separately from identifying data, with a distinct key for each encryption layer.

Product Security

Penetration Testing

Proximia collaborates with a highly esteemed penetration testing consulting firm within the industry on an annual basis. The assessments encompass all aspects of the Proximia product and cloud infrastructure, with source code fully accessible to the testers to enhance the effectiveness and comprehensiveness of the evaluations.

We provide comprehensive penetration test reports through our Trust Center.

Vulnerability Scanning

Proximia requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):

  • Static analysis (SAST) testing of code during pull requests and on an ongoing basis
  • Software composition analysis (SCA) to identify known vulnerabilities in our software supply chain
  • Malicious dependency scanning to prevent the introduction of malware into our software supply chain
  • Dynamic analysis (DAST) of running applications
  • Network vulnerability scanning on a periodic basis
  • External attack surface management (EASM) running continuously to discover new external-facing assets

Enterprise Security

Endpoint Protection

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We utilize MDM software to enforce secure configuration of endpoints, including disk encryption, screen lock configuration, and software updates.

Secure Remote Access

Proximia secures remote access to internal resources using Zero Trust Remote Network (ZTRN), a highly secure remote solution. In addition to the network pipe having end-to-end impenetrable encryption, the inlet is protected with dynamic-proximity and biometric triggers that leverage a continuous, mutual zero trust authentication paradigm.

Security Education

Proximia provides comprehensive security training to all employees upon onboarding and annually through educational modules. Additionally, all new employees attend a mandatory onboarding session centered around fundamental security principles. Furthermore, all new engineers attend a mandatory onboarding session focused on secure coding principles and practices.

Proximia’s security team disseminates regular threat briefings to employees, informing them of pertinent security and safety-related updates that necessitate special attention or action.

Identity & Access Management

Proximia uses Connect - Proximia's Zero Trust identity and access software with persistent protection from login and beyond.

Proximia employees are granted access to applications based on their job role. Upon termination of employment, access is automatically deprovisioned. Additional access must be approved according to the policies set for each application.

Vendor Security

Proximia employs a risk-based approach to vendor security assessment. Factors that influence the inherent risk rating of a vendor include access to customer and corporate data, integration with production environments, and potential for damage.

Following the determination of the inherent risk rating, the security of the vendor is evaluated to determine a residual risk rating and facilitate a vendor approval decision.

Data privacy

At Proximia, data privacy is a cornerstone of our operations. We are committed to being reliable custodians of all sensitive information.

Regulatory Compliance

Proximia evaluates updates to regulatory and emerging frameworks continuously to evolve our program.

Privacy Policy & DPA

View Proximia’s Privacy Policy